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Abstract. One of the central open questions in bounded arithmetic is whether Buss' 
hierarchy of theories of bounded arithmetic collapses or not. In this paper, we reformulate 
Buss' theories using free logic and conjecture that such theories are easier to handle. To 
show this, we first prove that Buss' theories prove consistencies of induction-free fragments 
of our theories whose formulae have bounded complexity. Next, we prove that although 
our theories are based on an apparently weaker logic, we can interpret theories in Buss' 
hierarchy by our theories using a simple translation. Finally, we investigate finitistic 
Godel sentences in our systems in the hope of proving that a theory in a lower level of 
Buss' hierarchy cannot prove consistency of induction-free fragments of our theories whose 
formulae have higher complexity. 



1. Introduction 

One of the central open questions in bounded arithmetic is whether Buss' hierarchy Q 
-^2 — ^2 — -^2 — " ' °f theories of bounded arithmetic collapses [5] or not. Since it is known 
that collapse of Buss' hierarchy implies the collapse of the polynomial-time hierarchy [8J, 
demonstration of the non-collapse of the theories in Buss' hierarchy could be one way to 
establish the non-collapse of the polynomial-time hierarchy. A natural way to demonstrate 
non-collapse of the theories in Buss' hierarchy would be to identify one of these theories 
that proves (some appropriate formulation of) a statement of the consistency of some theory 
below it in the hierarchy. 

Here, it is clear that we need a delicate notion of consistency because of several negative 
results that have already been established. The "plain" consistency statement cannot be 
used to separate the theories in Buss' hierarchy, since Paris and Wilkie |19j show that S2 (= 
U S2) cannot prove the consistency of Robinson Arithmetic Q. Apparently, this result stems 
more from the use of predicate logic than from the strength of the base theory. However, 
Pudlak [14J shows that S2 cannot prove the consistency of proofs that are carried out within 
S2 and are comprised entirely of bounded formulae. Even if we restrict our attention to 
the induction-free fragment of bounded arithmetic, we cannot prove the consistency of such 
proofs, as shown by Buss and Ignjatovic [6]. More precisely, Buss and Ignjatovic prove that 
$1 cannot prove the consistency of proofs that are comprised entirely of and formulae 
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and use only BASIC axioms (the axioms in Buss' hierarchy other than induction) and the 
rules of inference of predicate logic. 

Therefore, if we want to demonstrate non-collapse of the theories in Buss' hierarchy, 
we should consider a weaker notion of consistency and/or a weaker theory. A number 
of attempts of this type have been made, both on the positive side (those that establish 
provability of consistency of some kind) and on the negative side (those that establish 
non-provability of consistency). On the positive side, Krajicek and Takeuti [9] show that 
T\ \~ RCon(T-f), where T\ is obtained from T\ by eliminating the function symbol and 
RCon(T{) is a sentence which states that all "regular" proofs carried out within T\ are 
consistent. Takeuti [T7], [18] shows that there is no "small" strictly i-normal proof w of 
contradiction. Here, u w is small" means that w has its exponentiation 2 W . Although Takeuti 
allows induction in strictly i-normal proof w, the assumption that w is small is a significant 
restriction to w since bounded arithmetics cannot prove existence of exponentiation. An- 
other direction is to consider cut-free provability. Paris Wilkie [19] mentioned above proves 
that IAq + exp proves the consistency of cut- free proofs of IAq. For weaker theories than 
IAq + exp, we need to relativized the consistency by some cut, then we get similar results 
|13j . [2]. For further weaker theories, Beckmann [4] shows that proves the consistency 
of S^ 00 , where S^ 00 is the equational theory which is formalized by recursive definitions of 
the standard interpretations of the function symbols of S2. Also, it is known that S\ proves 
Con(Crj), that is, the consistency of quantified propositional logic G{. On the negative side, 
we have the results mentioned above, that is, those of Paris and Wilkie [19J, Pudlak |14j . 
and Buss and Ignjatovic [6]. In addition, there are results which extend incompleteness 
theorem to Herbrand notion of consistency [3] , [I] . 

In this paper, we introduce the theory S\E (i = —1,0,1,2...), which for i > 1 cor- 
responds to Buss' SI, and we show that the consistency of strictly i-normal proofs that 
are carried out only in S 2 ~ 1 E, can be proved in S^ 2 - We improve on the aforementioned 
positive results in that 1) unlike T[ or Gi, S l 2 E is based on essentially the same language 
as S 2 , thereby making it possible to construct a Godel sentence by diagonalization; 2) un- 
like Takeuti |17| . |18j . we do not assume that the Godel number of the proofs which are 
proved consistent are small, that is, have exponentiations, thereby making it possible to 
apply the second incompleteness theorem — in particular, to derive a Godel sentence from 
the consistency statement; 3) unlike the results on Herbrand and cut-free provability, S\E 
has the Cut-rule, thereby, making it easy to apply the second incompleteness theorem; and 
4) unlike Beckmann [4], our system is formalized in predicate logic. On the other hand, 
we are still unable to show that the consistency of strictly i-normal proofs is not provable 
within 5*2 for some j < i, but see Section [5] In a sense, our result is an extension of that 
of Beckmann [4] to predicate logic, since both results are based on the fact that the proofs 
contain "computations" of the terms that occur in them. In fact, if we drop the Cut-rule 
from S 2 ~ 1 E, the consistency of strictly i-normal proofs can be proved in S\ for any i. This 
"collapse" occurs since, roughly speaking, the combination of the Cut-rule and universal 
correspond substitution rule in PV. 

S\E is based on the following observation: The difficulty in proving the consistency of 
bounded arithmetic inside S2 stems from the fact that inside S2 we cannot define the evalua- 
tion function which, given an assignment of natural numbers to the variables, maps the terms 
of S 2 to their values. For example, the values of the terms 2, 2#2, 2#2#2, 2#2#2#2, . . . 
increase exponentially; therefore, we cannot define the function that maps these terms to 
their values, since the rate of growth of every function which is definable in S2 is dominated 
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by some polynomial in the length of the input [12]. With a leap of logic, we consider this 
fact to mean that we cannot assume the existence of values of arbitrary terms in bounded 
arithmetic. Therefore, we must explicitly prove the existence of values of the terms that 
occur in any given proof. 

Based on this observation, S\E is formulated by using free logic instead of the ordinary 
predicate calculus. Free logic is a logic which is free from ontological assumptions about 
the existence of the values of terms. Existence of such objects is explicitly stated by an ex- 
istential predicate rather than being implicitly assumed. See [11] for a general introduction 
to free logic and [15] for its application to intuitionistic logic. 

Using free logic, we can force each proof carried out within S 2 l E to somehow "contain" 
the values of the terms that occur in the proof. By extracting these values from the proof, 
we can evaluate the terms and then determine the truth value of formulae. The standard 
argument using a truth predicate proves the consistency of strictly i-normal proofs that are 
carried out only in S 2 ■ It is easy to see that such a consistency proof can be carried out 
inSf 2 . 

The paper is organized as follows. In Section [2] we define S\E and compare it to the 
systems of logic defined in [11] and [15j . In Section [3] we present the main result of this 
paper: a proof inside S l 2 + of the consistency of induction-free strictly i-normal proofs. In 
Section|3]we prove the "bootstrapping theorem," in which we show that although our theory 
S\E is based on an apparently weaker logic, we can interpret S\ inside S\E if i > 1. Unlike 
the interpretation of S\ by Q [7], our interpretation does not increase the complexity of 
formulae; in particular, all bounded formulae are interpreted as bounded formulae. Finally, 
in Section [5] we raise the question of whether the consistency of induction-free strictly i- 
normal proofs can be proved inside S 2 . We consider a countably infinite set of finitistic 
Godel sentences of S 2 l E to investigate this question. 

2. Definition of S 2 E 

S^E C St$E C S\E C SlE C • • • is a hierarchy of theories resembling Buss' hierarchy 
S^ 1 C S 2 C S\ C S 2 5= ' ' ' • (F° r purposes of comparison with our system, we include 
S^and S 2 in Buss' hierarchy, where S^ 1 is defined as the theory which consists of the 
formulae that can be proved from the BASIC axioms via the rules of inference of predicate 
logic, and S 2 is the set of formulae that can be proved from the BASIC axioms via the 
rules of inference of predicate logic together with induction on quantifier- free formulae.) 
Our system is equipped with a predicate E which signifies existence of the values of terms. 
In this section, we introduce the theories S 2 E (i > —1) and their languages, and we prove 
their basic properties. 

Definition 2.1. The theory S 2 E consists of the formulae of S 2 E that can be proved from 
the union of a finite set of logical axioms and a finite set A of proper axioms (as defined in 
Section \2.2\ via the rules of inference of free logic (with some modifications) and (for i > 0) 
the PIND rule; the latter is an induction principle for formulae which is based on the 
binary representations of the nonnegative integers. We do not explicitly specify what A is. 
Instead, we make it extensible, and we specify certain conditions that A must satisfy. We 
do this so that the motivation behind the axioms will be more transparent. We also allow 
the set T of function symbols to be extensible. S l 2 E(T ", A) denotes the individual theory 
obtained by the function symbols in J- and the proper axioms in A. 
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An S 2 E proof (i = — 1, 0, 1, . . . ) is a formal deduction in which only the rules of inference 
of S\E are used. Thus in an S\E proof, induction is restricted to application of the E|- PIND 
rule; in the i = — 1 case, induction is not allowed at all. 

The theory S\E is thus the set of formulae A of S\E for which an S 2 E proof of the 
sequent — > A exists, which we denote by S 2 E h A. We call such formulae theorems of S 2 E. 
We also use the notation h for sequents: S l 2 E h V — > A. 

In Subsection 12.11 we define the language of S 2 E. In Subsection 12.21 we describe the 
conditions that must be satisfied by A, and in Subsection 12.31 we introduce the rules of 
inference of S 2 E. In Subsection 12.41 we compare our system to known systems of free logic. 

2.1. Language of S 2 E. The vocabulary of S 2 E is obtained from that of S 2 by adding 
the unary predicate symbol E and replacing the set of function symbols of S2 with an 
arbitrary but finite set T of function symbols which denote polynomial-time computable 
functions. The formulae of S 2 E are built up from atomic formulae by use of the propositional 
connectives -1, A, V; the bounded quantifiers Vx < t,3x < t; and the unbounded quantifiers 
Vx, 3x. Implication (d) is omitted from the language, and negation (->) is applied only 
to equality = and inequality <. These restrictions appear essential to prove consistency. 
If there is implication (or negation applied to arbitrary formulae) in S 2 1 E, S 2 1 E allows 
induction speedup [6] [H], therefore S 2 1 E polynomially interprets S 2 E, i > 0. This allows 
to prove Ef(n) for any polynomial time / in S 2 1 E by a proof whose length is bounded by 
some fixed polynomial of length of binary representation of n. However, this contradicts 
the statement of soundness (Proposition 13. 20|) 

Since the standard interpretation of all function symbols in T are a polynomial-time 
computable functions, all the function symbols of S2E are definable in S 2 , and we assume 
that Cobham's recursive definitions of polynomial-time computable functions are attached 
to the corresponding function symbols. 

We sometimes identify the function symbols of S2E with their standard interpretations. 
The distinction between the two types of entities will be clear from the context. 

Definition 2.2. A set T of function symbols (for polynomial-time computable functions) 
is well grounded if it satisfies the following conditions. 

(1) T contains the n-ary constant zero function n (the n-ary constant function whose 
value is 0); the n-ary projection function projf (the n-ary function that outputs the 
Zth element in a sequence of length n), k = 1, . . . , n; and the so-called binary successor 
functions so and s±, where so (resp. si) is the unary function defined by so(a) := 2a 
(resp. si(a) := 2a+l). Note that the binary representation of 2a (resp. 2a+l) is obtained 
by appending (resp. 1) to the binary representation of a, whence the moniker binary 
successor function. 

(2) If / S T is defined from functions g, h\, . . . , h n by composition, then g, h%, . . . , h n € T . 

(3) If / € T is defined from functions g,h%,h2 by recursion, that is, / is defined by the 
equations 

f(0,x)=g(x) (2.1) 
f(s x, x) = h (x, x, f(x, x)) (2.2) 
/(six, x) = hi(x, x, fix, x)) (2.3) 
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then g, h\,h 2 G T. Cobham's limit recursion on notations can be written as above, 
providing Cond, # G T . Since Cond, # can be denned by recursion as above, for any 
finite set of polynomial time functions /i, • • • , / n , there is a well-grounded T such that 
fl , ■ ■ ■ ifn £ J 7 . 

If T is well grounded (which is true of every set T of function symbols we consider in 
this paper), we can define the definition degree d(f) of each / G T . 

Definition 2.3 (Definition degree). Let / G F. 

(1) If / is 0", projr, s , si, then d(f) := 0. 

(2) If / is defined from g,h%, . . . ,h n by composition, then 

d(f) := 1 + max{d(g),d(hx), d(h n )} (2.4) 

(3) If / is defined from g,hi,h 2 by recursion, then 

d(f) := 1 + max{d(g), d(/n), d(h 2 )} (2.5) 

Induction on the definition degree of / is used in Subsection 14 . 21 to prove the totality of / 
(i.e., that Ea\, . . . , Ea n — > Ef(a±, . . . , a n ), where a%,...,a n are used here as meta-symbols 
for variables of S\E). Now we define the vocabulary of S % 2 E(F, A). 

Definition 2.4 (Vocabulary). The vocabulary of S\E(F,A) consists of the following sym- 
bols. 

Constant symbols: The only constant symbol of S 2 is 0. 

Variables: The variables of S 2 E are x\, x 2 , We often use a, b and ai, a 2 , ■ ■ ■ , &i, b 2 , ■ ■ ., 

x, y, xi,x 2 , . . . as meta-symbols for variables, and we often denote a finite sequence of 
variables by a, a', or b. 

Function symbols: The function symbols of S 2 E{T, A) are the symbols in the finite set 
T . For all i > 0, we can interpret S 2 in S^E^, A), provided that J- contains the function 
symbols of S2 (those for the unary functions S, | • | and the binary functions +, 
•), where S is the successor function division by two rounded to 0, length defined by 
S(a) := a + 1 and [^J i s the function where [|J is defined as the natural number n 
such that a G {2ra, 2n + 1}. As stated earlier, \a\ is defined as the number of bits in 
the binary representation of a (by convention, |0| = 0). The binary function # is the 
so-called smash function defined by a#6 := 2l a ll fe l, and + and • are the usual addition 
and multiplication functions, respectively. We assume that these function symbols are 
contained in T . Further as we exploit the binary representations of the natural numbers 
(as finite bit strings), we introduce the binary function and 0. ©(a, b) is defined 
as the natural number whose binary representation is the concatenation of the binary 
representations of the natural numbers a and b (the bits of a being the most significant 
bits of ©(a, &)). G(a, b) is defined as L^wJ • We also assume © and © are contained in T . 

From this point on, we write them in infix notation (as in u © r and uQr). Since the 
functions and © are polynomial-time functions, and thus S^-definable in S 2 , we use 
the notations u © r and u r in our informal proofs as well as in actual formulae of S 2 
and S 2 E. 

Predicate symbols: S 2 E has three predicate symbols: E, =, <. The unary predicate 
E signifies that, for every term t of which E is asserted to hold, the value of t actually 
exists(i.e., that it converges to a standard natural number). The binary predicate = 
signifies equality, and < signifies the less-than-or-equal-to relation, p is used as a meta- 
variable for the predicate symbols = and <. 
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Definition 2.5 (Terms). The terms of S 2 E are denned recursively as follows. 

• and the variables x±, X2, £3, • . . are terms. 

• If / is an n-ary function symbol and t±, . . . , t n are terms, then f(t\, . . . , t n ) is a term. 

We use s,t,t±,t2, ■ ■ ■ ,ui,U2, ■ ■ ■ as meta- variables for terms, and we often denote a finite 
sequence of terms by s or t. 

For the functions S, sq,s\, we omit parentheses, instead denoting S(t), so{t), and s\(t) 
by St, sot, and s\t, respectively. Also, we write or [^J for [^\t, and we write the 
binary functions +, • in infix notation, as in t + u. 

We define numerals as terms which are constructed from so, s±, and alone. They 
are used in S 2 E to denote natural numbers. We (informally) use the numbers 0, 1,2, . . . 
(represented in the decimal system) to denote numerals. In general, we use the same 
notation for numerals as for the corresponding natural numbers. The distinction between 
the two types of entities will be obvious from the context. 

Definition 2.6 (Formulae). The formulae of S 2 E are defined recursively as follows. 

• If t is a term, then Et is a formula. 

• If p is = or < and ti,t 2 are terms, then p{t\,t2) is a formula. 

• If p is = or < and ii,i2 are terms, then — 1 , *2 ) is a formula. 

• If A and B are formulae, then A A B and AvB are formulae. 

• If A{a) is a formula and x is a variable, then \lx.A(x) and 3x.A{x) are formulae. 

• If A(a) is a formula, x is a variable, and t is a term, then Vx < t.yl(x) and 3x < t.A(x) 
are formulae. 

We use A, B, . . . , Aq, Ai, A 2 , ■ ■ ■ as meta-variables for formulae, and r, A, II, A, and 
Ti, T 2 , . . . , Ai, A2, • • • as meta-variables for finite sequences of formulae. T, II denotes the 
concatenation of T and II (in that order: T followed by II). The concatenation of a finite 
sequence T and a single formula A is denoted by T, A, while the concatenation of A and T 
is denoted by A, T. 

If p is = (resp. <), we write the formula p(ti,t2) in infix notation, as t\ = t2 (resp. 
ti < t 2 ). We write the negations of t\ = t2 and t\ < t 2 as t\ 7^ t2 and t\ ^ t2 ; respectively. 
In the meta-language, a notation of the form a = b means that a and b are the same 
syntactic construct (the same variable, the same term, the same formula, or the same 
sequence of variables/terms). We often write Ea to denote the sequence Ea±, . . . ,Ea^ for 
a finite sequence a = a\, . . . of variables. 

Formulae have the usual meaning, and free and bound variables are defined as usual. 
We sometimes write A(a) to indicate that a is possibly among the variables that occur 
free in A. This notation does not imply that a actually occurs in A; what it indicates is 
that if a does occur in A, then a occurs free in A. We tend to use meta-symbols such 
as x,y,x\,X2, ■■■ for variables that are captured by an outer quantifier, as in \/x.A(x) or 
3x.A(x), and meta-symbols such as a, b, a±, 0,2, ■ ■ ■ , b\, b2, ■ ■ ■ otherwise. We write A(t) for 
the formula which is obtained by substituting the term t for a in A (a) (or for the variable x 
in A{x)). We follow the convention of assuming that variables which occur bound in A(a) 
and also occur in t are renamed in A(a) before such a substitution is made, so that the 
variables in t are not "accidentally" bound in A(t). 

We say that a quantifier is bounded if it is of the form Vx < t or 3x < t. On the other 
hand, the quantifiers Vx and 3x, without the bound < t, are called unbounded. 

A formula of the form t\ = t2 or t\ < t2 is called atomic, and a formula of the form Et, 
t\ = t 2 , t\ < t 2 , t\ / t2, or t\ j£ t2 is called basic. Also, a formula of the form Et is called 
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an .E-form, but in contrast to the usual convention for atomic formulae in predicate logic, 
an E-form is denned not to be atomic. 

In S\E, implication is absent and negation is restricted to atomic formulae. We interpret 
the negation —iA for a non E-form formula A as the De Morgan dual A, and the implication 
A C B as A V B. As shown in Section 14.41 an d 3 defined in this way satisfy the usual 
rules of inference of predicate logic, provided that all the functions represented by function 
symbols of S2E are provably total (that is, for each n-ary function symbol /, we can prove 
Eai, . . . , Ea n — > Ef{a\, . . . , a n )). This fact is proved in Proposition 14.31 

Since implication is absent, we cannot code bounded universal quantification by un- 
bounded universal quantification together with implication. Therefore, we need bounded 
quantifiers that are constructs in their own right. 

By formalizing the notion of "usual meaning," we obtain an interpretation of the for- 
mulae of S\E in S2. 

Definition 2.7 (Standard Interpretation). We interpret an S\E formula A in S2 by first 
replacing every sub formula of A which is of the form Et with the S2 formula t = t, and then 
replacing the function symbols in the resulting formula with their S\ definitions. Therefore, 
we obtain an interpretation of the S^E formulae in S^, and for i G {—1,0} we obtain an 
interpretation of the S\E formulae in S\. 

In Subsection 14.11 we present an interpretation of the S l 2 formulae in S^E^J 7 , A) for any 
T that contains the function symbols of S%. 

We say that a formula of S\E is bounded if all of its quantifiers are bounded. The 
bounded formulae of S\E are classified into hierarchies E^n?- (j G N). 

Definition 2.8 (E^, ITj). The classes E^, ITj of bounded formulae of S\E are defined recur- 
sively as follows. 

• Sq = LIq is the set of quantifier-free formulae (formulae without quantifiers). 

• If A, B G T, b j, then A A B, A V B € E§. Similarly, if A, B G n^, then A A B, A V B G II}. 

• If A G Ej, then AeIL b j+v Similarly, if A G ED*, then iGEj +1 . 

• UA(a) G E}, then Vx < t.A(x) G n} +1 . Similarly, if A(a) G 11^, then 3x < t.A(x) G E b j+V 

These hierarchies are used to control the strength of mathematical induction in S2E, 
just as in Buss' system. 

2.2. Axioms of S\E. In this subsection, we first discuss the conditions which all axioms 
of S\E must satisfy. Then we introduce the logical axioms, and finally we impose certain 
conditions on the axioms in A that will allow us to interpret S\ inside S\E for % > 1. 

For our proof of consistency of strictly i-normal proofs to work, the axioms of S\E must 
satisfy the boundedness conditions. 

Definition 2.9. A sequent r — > A satisfies the boundedness conditions if it has the following 
three properties, where a are the variables that occur free in T — >■ A. 

(1) All the formulae that occur in T — > A are basic. 

(2) Every variable in a occurs free in at least one formula in T. 

(3) There is a constant a G N such that 

5*2 l~ max{iA(o)} < a ■ max{tr(o)}, (2-6) 
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t/±(a) are the subterms of the terms that occur in A and t-p(a) are the subterms of the 
terms that occur in T (for convenience, max0 is defined to be 1). Since the function 
symbols of S 2 E are definable in we can regard the terms in tr(a) and t/\(a) as terms 
of S 2 , hence we can regard max{tr(a)} < a ■ max{tA(o)} as an S 2 formula. 

For our proof of consistency of i-normal proofs, we need the boundedness conditions 
to hold of the axioms. The third condition states that, under any given valuation of the 
variables that occur free in T — > A, the values of the subterms of the terms in A cannot 
exceed the values of the subterms of the terms in T by the constant factor a, and that this 
fact can be proved in S 2 . In general, the constant a varies from one axiom to another. 
Since A is finite, however, there is a single constant a that applies to all the axioms in 
A. For the logical axioms and the proper axioms required to interpret S\E in S\, we can 
take a to be 4, so from this point on we assume that a = 4. This property plays a crucial 
role in our consistency proof. The reason for imposing the first and second boundedness 
conditions is that we want to avoid complexities that would otherwise arise in satisfying the 
third boundedness condition. 

The logical axioms are divided into E-axioms and equality axioms. The i?-axioms 
establish the basic properties of the E predicate, and the equality axioms establish the 
basic properties of equality. 

Definition 2.10 (i?-axioms). 

Ef( ai ,...,a n ) ^E aj j = l,...,n;/G T (2.7) 

p(a 1 ,a 2 )^Ea j j = 1, 2;p 6 {=, <} (2.8) 

^p( ai ,a 2 ) ^ Eaj j = l,2;p € {=,<} (2.9) 

Axiom (|2.7p states that if the value of / exists, then the arguments of / also exist. 
Axioms (|2.8p and (|2.9p state that if =, <, or the negation of either of them holds of ai,a2, 
then a±, a 2 exist. That is, in the terminology of Scott [15], we assume that all functions and 
predicates are strict. 

Definition 2.11 (Equality axioms). 

Ea^a = a (2.10) 

a = b^b = a (2.11) 

a = b,b = c^a = c (2.12) 

a = b — > Sja = Sjb j = 0, 1 (2-13) 

Ef(a),a = b^f(a) = f(b) feT (2.14) 

ai = h,a 2 = b 2 ,p(a 1 ,a 2 ) -^p(h,b 2 ) p €{=,<} (2.15) 

Axioms ([2TED, (I2TT2]) . (|2TT3|) . and (I2TT5D are standard, but Axiom (I2TTU]) needs an 
explanation. For our soundness proof, we would like to have the property that when a 
closed formula (j) is proved, the values of the terms which occur in (j> are bounded by the 
code for the proof of 4>. Therefore, we cannot use just t = t as a substitution instance of an 
equality axiom with a closed term t, since we would have no control over the value of t. To 
deal with this problem, we add Ea to the antecedent of the usual reflexive law of equality, 
which ensures that the proof of t = t contains the proof of Et, and hence that the code for 
the proof of t = t exceeds the value of t. 
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Axiom (12.13D states that the binary successor functions so,si preserve equality. For 
the other function symbols, we have only a restricted preservation of equality, Ef(a),a = 
b — >■ f(a) = f(b), as an axiom, and not full preservation of equality, a = b /(a) = f(b). 
This is because, the case of the reflexive law of equality, for sequences t, u of closed terms 
we want to bound the values of f(t) and f(u) by the code for the proof of the equality 
/(t) = f(u). Without the condition Ef(a) in the antecedent of Axiom ()2.14f) . we cannot 
ensure that this property will hold. For example, if t%,t2,u%,U2 are closed terms and t\ = 
Ui,t2 = U2 — > t\^t2 = u\j^U2 is a substitution instance of the usual equality axiom (Axiom 
(|2.14p with / = #, a = (01,02), and b = (61,62), but without Ef(a) in the antecedent), 
the values of ii#i2 and u±#U2 are not necessarily bounded by the code for the proof of the 
equality ti#^2 = - "i#'"2- However, we can prove full preservation of equality for function 
symbols as a theorem, without assuming Ef(a) (see Subsection 14. 3p . since we can prove 
that all the function symbols of S2E represent total functions, that is, that for all / € J-, 
Ea — > Ef(a). Actually, using the PIND rule, we can prove full preservation of equality 
for function symbols by induction on the definition degree of /, without using Axiom (12, lip 
at all. However, we retain Axiom (I2.14p since we want to have the equality axioms in S\E. 

Axiom (I2.15P states that the truth value of the predicates = and < is preserved by 
equality. 

Next, we discuss the proper axioms (the axioms in *4). In S , 2 +2 we can prove the consis- 
tency of strictly i-normal proofs — which are carried out within S 2 ~ 1 E(J r , A) — for any A all 
of whose elements satisfy the boundedness conditions. To interpret S% inside S\E{F, A), 
we need to have the function symbols of S2 in J~, and to have the following data axioms, 
separation axioms and auxiliary axioms in A. 

Definition 2.12 (Data axioms). These are the data axioms introduced by Leivant |10j . 



-> £0 (2.16) 

Ea^Esja j = 0, 1 (2.17) 

Definition 2.13 (Separation axioms). 

Sja = Sjb -> a = b j = 0, 1 (2.18) 

Ea,Eb^ s a^ sib (2.19) 

Ea ->• sia / (2.20) 

s a = -> a = (2.21) 



Definition 2.14 (Defining axioms). It is clear that by Cobham's definition of polynomial- 
time computable functions, the defining equations for each n-ary function symbol / G T 
can be written in the form f(u(ai), 02, . . . , a n ) = i(oi, 02, . . . , a n ) where u(a\) is one of 
0, a\, so a i) si<zi. For each defining equation in this form, the following axiom is in A. 

Eai,Ea 2 , ■ ■ ■ , Ea n , Et(ai,a 2 , . . . ,a n ) -> f(u(ai),a 2 , ... ,a n ) = t(ai,a 2 , . . . ,a n ) (2.22) 

We call these axioms the defining axioms. 

Definition 2.15 (Auxiliary axioms). The auxiliary axioms are those generated from the 
BASIC axioms of S2 by the following procedure. 

First, render these axioms free of logical connectives (see |17j). For example, the first 
BASIC axiom, b < a D b < Sa, is changed to the sequent b < a — >• b < Sa. 
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Then for each term t that occurs in the succedent, we add Et to the antecedent. The 
axiom in the example becomes Eb, ESa, b < a — > b < Sa. 

Finally, simplify the resulting axioms by removing the unnecessary assumptions — taking 
care, however, to ensure that the final version of each axiom satisfies the boundedness 
conditions (Definition 12. 9p . For example, we simplify Eb, ESa, b < a — > b < Sa to ESa, b < 
a — > b < Sa, since Eb follows from b < a by S-axiom (|2.8p and, after this simplification, 
this auxiliary axiom still satisfies the boundedness conditions. 

From the data axioms and separation axioms, we can prove the relations n = m and 
n ^ m that hold between numerals n, m in their standard interpretations. Moreover, we 
can prove totality of every / £ J (i.e., that Ea\, . . . ,Ea n — > Ef(a\,...,a n )) from the 
logical axioms, the defining axioms, and E^-PIND (see Subsection |MD . Also, we can use 
the auxiliary axioms, together with other axioms and the rules of inference of S\E, to prove 
the interpretation of the BASIC axioms of 52 in S\E which is defined in Subsection 14. II (see 
Subsection |4~4|) . 

From this point on, we assume that T contains all the function symbols of S2 and that 
A contains all the proper axioms outlined above. All of these proper axioms, as well as the 
logical axioms, satisfy the boundedness conditions. 

2.3. Rules of inference of S l 2 E. We formulate S\E proofs using the sequent calculus. 
The rules of inference of S\E consist of the rules for predicate logic (but with a modified 
R-i-rule; see (I2~33D ) plus the PIND rule applied to formulae, which is called the Ej- PIND 
rule. The E^-PIND rule derives r, Et -> A(t),A from T -> A,A(0); A(a),T -> A,A(s a); 
and A(a),T -> A,A(s±a). 

If we can derive a sequent r —> A from premises T± — > Ai, . . . , V n — > A n , we write 

1WA1 • • • r n - j. A n 

r -> A ' (2.23) 

where R is the name of the rule. The name is often omitted if it is obvious. All the rules 
of inference which appear in this paper have at most three premises. 

The rules of inference are divided into the identity rule, the axiom rule, the structural 
rules, the logical rules, the Cut rule, and the PIND rule. 

The identity rule is used to express that a formula A implies itself. 

Identity rule: 

A^A Id (2.24) 
The axiom rule is used to derive a sequent which is a substitution instance of an axiom, 
that is, a sequent of the form T(t(b)) — > A(t(b)) where T(a) — > A (a) is an axiom, a are the 
variables that occur in T — > A, t are the terms that are being substituted for the variables 
in a, and b are the variables that occur in t. 

Axiom rule: 

Ax 

T(t(b)) -»• A(t(b)) (2.25) 
The structural rules are defined as usual. 
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Weakening rules: 



Contraction rules: 



r ->■ a 

A,T ^ A (2.26) 

r -> a 

T^A,A (2.27) 
A,A,T -» A 

A,T ->• A (2.28) 

r -»• a, a, a 



Exchange rules: 



r -> A, A (2.29) 

r,A,.B,n -» a 

r,5,A,n-»-A (2.30) 

r -»• a, AB,n 



r^A,s,A,n (2.3i) 

The logical rules are those of classical sequent calculus with a modified iiS-rule. The 
logical rules for negation are used to negate atomic formulae only, since the language of 
S\E allows negation of atomic formulae only. 



-rules: 



T-> A,p(ti,t 2 ) 

-np(ti,t 2 ),r->A L " (2.32) 

p(ti,t 2 ),r-> a 



Eti,M 2 ,r^ A,-.p(*i,t 2 ) ' (2.33) 
where p is = or < and ti, t 2 are terms. Unlike the usual textbook definition of the R -i-rule, 
in the antecedent we introduce the formulae Et\ and Eti that express the existence of 
values of the terms t\ and i 2 , respectively. This is because we interpret -ip(ii,i 2 ) to mean 
that the values vi,V2 of t±, i 2 exist and satisfy ->p(vi,V2)- Therefore, to infer ->p(ii,i 2 ) we 
presuppose Et\ and Eti- 



A-rules: 



AT^A 

L Ai 



iAB.r^A 1 (2.34) 

i,r->A 

BAA,T->A 2 (2.35) 
-> A, A T^A,B 

RA 



A,iAB (2.36) 
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V-rules: 

A,T —■ A B,T^A 

LV 



AVBJ^A v (2.37) 

T^A,A n 

RVi 



T^A,AvB 1 (2.38) 
T -> A, A 

r A,BVA 2 (2.39) 
The logical rules for universal quantification are of two types: bounded (indicated with 
a "b" following the L or R) and unbounded, corresponding to bounded and unbounded 
universal quantification, respectively, in the language of S l 2 E. The same is true of the 
logical rules for existential quantification. In both types, bounded and unbounded, the 
quantification (universal or existential) is done over objects that actually exist. 



Bounded V-rules: 

A(*),r->A 



LbV, 



t < s,Vx < s.A(x),T -> A ' (2.40) 
where the variable x does not occur in the term s. 

a<t,T^A,A(a) 

Et,T->A,Vx<t.A(x) ' (2.41) 

where neither the variable a nor the variable x occurs in the term t, and a does not occur 
free in V -> A. 

Unbounded V-rules: 

A(t),T^A 

L V 



Et, Vx.A(s), T -> A (2.42) 
Ea,T^A,A(a) 

T^A,Vx.A(x) ' (2.43) 
where the variable a does not occur free in T — >■ A. 

Bounded d-rules: 

q<t,A(q),r^A 

dx < i.A(x),T -> A ' (2.44) 

where neither the variable a nor the variable x occurs in neither the term t, and a does not 
occur free in T — > A. 

r^A,A(t) 

t < s,T -> A,3x < s.A(x) ' (2.45) 
where the variable x does not occur in the term s. 



Unbounded 3-rules: 

Ea,A(a),T -> A 



L3, 



3x.A(x),r^A ' (2.46) 
where the variable a does not occur free in T — >■ A. 

r->A,A(t) 



-> A,3x.A(x) (2.47) 
The Cu£ reZe is used to derive a sequent by employing an intermediate "lemma." 
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Cut rule: 

r,n — ^ A, A Cut (2.48) 
The PIND rule is used to infer statements A(t) (for formulae A{a) and terms t) from 
the assumption that t converges and A satisfies the induction hypothesis on the value of t. 



PIND, 



PIND rule: 

r -> A, A(0) A(a),T -t A, A(s a) A(a),T -»■ A, A( Sl a) 

Et,r ->• A,^4(t) ^ 24Q ^ 

where the variable o does not occur free in T — > A. We call this the PIND rule on i. If we 
restrict the PIND rule to formulae A(a) from some class we call the resulting rule the 
$- PIND rule. 

Informally, the PIND rule expresses induction on the notations of the natural numbers 
represented in binary. We call A(a) the induction hypothesis, the proof of F — > A, A(0) the 
base case, and the proofs of A(a),T — > A,A(soa) and ^4(a),r — > A, A(sia) the induction 
steps. 

From the PIND rule on t, we have the following derived rule. 

r^A,,4(0) Ea,A(a),T -> A, A(s a) Ea,A(a),T ^ A,A( Sl a) 

Et,T -> A,A(t) (2.50) 

We call this the PIND-E rule on t. To derive this rule, we first derive A{a) A Ea,T — > 
A,A(soa) A Esqcl from Ea, A{a),T — > A,A{sqo). This is done via the axiom Ea — > Esoa 
and propositional reasoning. Similarly, we derive A(a) A Ea, V — > A, A{s\a) A Es\a from 
Ea, A(a),T ->• A, A(sia). Then, applying PIND to A(a) A Ea, we derive Et, F -4 A, A(i) A 
E't. Finally, we derive -Et, T — > A, A(t) by purely propositional reasoning. 
This completes the definition of the rules of inference of S\E. 

Lemma 2.16 (Substitution Lemma). If S\E h T(a) — > A(a), where the variable a occurs 
free in T — > A, then S^E h r(t) — >• A(t) /or every term t. 

Proof. Induction on the structure of the S\E proof of T(a) —} A(a). □ 



2.4. Comparison to Free Logic and Scott's system. In this subsection, we briefly 
discuss the similarities between our system and two others: free logic (see for a com- 
prehensive summary) and Scott's E- logic [15]. 

Our system is quite similar to free logic with negative semantics, known as NFL, and 
Scott's system, in that in all three systems an equational formula t = u implies existence of 
the objects denoted by t and u. Moreover, in our system as well as in NFL, all the functions 
are strict (in Scott's terminology), that is, Ef(a±, . . . ,a n ) implies Eaj (j = 1, . . . ,n). The 
rules for universal and existential quantification are also similar. 

On the other hand, our R—i rule is more restrictive than that of either NFL or Scott's 
system. Also, we do not have full preservation of equality for functions, a\ = b\, . . . , a n = 
b n — >■ /(ai, . . . , a n ) = f{b\, . . . , b n ), as axioms (although that can be proved as a theorem). 
Furthermore, we do not have totality of functions, Ea\, . . . ,Ea n — > Ef{a\, . . . ,a n ), as 
axioms (again, that can be proved as a theorem). The only functions for which we have 
totality as axioms are the binary successor functions sq and si; however, we can prove the 
totality of the other functions from the binary successor functions via the Eg- PIND rule. 
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As we will see in the next section, the restrictions we have imposed on our system are 
crucial to the provability in 52 of the consistency of strictly i-normal proofs in S 2 l E. 

3. S l 2 +2 PROOF OF CONSISTENCY OF STRICTLY l-NORMAL PROOFS 

In this section, we define i-normal formula and strictly i-normal proof and in S^~ 2 we prove 
the consistency of strictly i-normal proofs in S 2 1 E. The consistency proof is based on the 
facts that we can produce a Ts\ formula that constitutes a truth definition for i-normal 
formulae and we can apply the Z b i+2 - PIND rule to prove the soundness of strictly i-normal 
proofs in S 2 l E. The idea is that to use a term t in an S 2 1 E proof, we first need to prove 
that Et holds. To do this, we show that for a given assignment p of values to the variables 
in t, the value of t is bounded by the size of the proof of Et plus the size of p. Therefore, 
we can define a valuation function for terms and a truth definition for the formulae in the 
proof. Once we obtain the truth definition, consistency is easy to prove. 

In Subsection 13. 1\ we describe how we assign Godel numbers to formulae and proofs. In 
Subsection [321 we introduce a "bounded" valuation for terms and prove its basic properties. 
In Subsection l3.3l we introduce a "bounded" truth definition for quantifier-free formulae and 
then extend it to i-normal formulae. In Subsection 13.41 we introduce strictly i-normal proofs 
in S 2 1 E, and we prove the soundness of such proofs with respect to the truth definition 
given in Subsection 13.31 

In what follows, i is assumed to be a fixed integer from the set {—1,0, 1,2,...}. 

3.1. Godel numbers for formulae and proofs. Before proceeding to the main topics 
treated in this section, we need to explain how we assign Godel numbers to the formulae of 
S l 2 E and to S l 2 E proofs. 

Since our proofs are structured as proof trees (nested sequences of formulae and rules of 
inference), we first assign Godel numbers to the symbols which appear in the formulae and 
rules of inference of S 2 E, using a different natural number for each symbol. Then we assign 
Godel numbers to finite sequences of natural numbers, and we apply this Godel numbering 
to the formulae of S 2 E and the nodes of proof trees. 

In assigning Godel numbers to sequences of natural numbers, we follow Buss' method [5]. 
The Godel number of the sequence (u\, . . . ,u n ) is determined by the following procedure. 

(1) For every j (1 < j < n), let u'j be the natural number whose binary representation is 
obtained by inserting between consecutive bits in the binary representation of Uj, and 
then appending to the resulting bit string. (By convention, 0' = 0.) For example, 
if the binary representation of uj is 11, then that of u'j is 1010; and if the binary 
representation of Uj is 101, then that of u' is 100010. 

(2) Define the Godel number of (ui,... ,u n ) to be u[ © 3 © u 2 © 3 © • • • 3 © u' n . 
Since the binary representation of the number 3 is 11, the Godel number of the sequence 
(u\, . . . , u n ) is the natural number whose binary representation is obtained by inserting 
11 between the binary representations of u'j and u'j +1 (j = 1, . . . , n — 1). 

(3) The Godel number of (ui) is defined to be u[, and the Godel number of the empty 
sequence (} defined to be 0. 

The notation [•] is used for the Godel number of any symbol or sequence. For example, the 
Godel number of the formula A(a) is denoted by |~A(a)] . 
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3.2. Valuation of terms inside S 2 . In this subsection, we define a valuation function for 
the terms of S 2 E. Our strategy in defining this valuation is to attach values to the nodes of 
a tree which is made up of all the subterms of the given term, and then to define the value 
of the term as the value attached to the root of the tree (the node that represents the entire 
term). We can view construction of this tree as a process of computation we undertake to 
obtain the value of its root. 

Definition 3.1. Let p be a finite sequence of pairs ([x],n) where x is a variable of S 2 E 
and n G N. 

(1) p is an environment if, for every variable x of S 2 E, there is at most one n G N with 
(\x],n) G p. 

(2) If p is an environment, we write p(x) = n to denote that ( \x] , n) G p, and we sometimes 
write p(a) to denote the sequence p(ai), • • • , p(cik) for a finite sequence a = a\, . . . , a k 
of variables of S 2 E. 

(3) Let a be a term, a formula, or a sequent, p is an environment for a if p is an environment 
and, for every variable x that occurs free in u, there is a pair ( \x] ,n) in p (for some 
n G N). 

(4) If p is an environment, and if x is a variable and n G N, then p[x h-> n] denotes 
environment obtained from p by replacing the pair (\x~\,p(x)) with ([ar],n) if there is 
some m G N with ( , m) in p, and by adding the pair ( \x~\ , n) to p otherwise. 

(5) Env denotes the ternary relation that holds of precisely the triples (//, \&~},u) where a 
is a term, a formula, or a sequent; p' is an environment for a; u G N; for every variable 
x of S 2 E, there is a pair ( \x~\ , n) in p' (for some n € N) if and only if x occurs free in a; 
and p'(x) < u for every variable x that occurs free in a. From this point on, we identify 
environments with their Godel numbers; therefore, we regard Env as a ternary relation 
on N. 

(6) Let u G N, and let a be a term, a formula, or a sequent. BdEnv( \a\ , u) denotes the great- 
est m G N which is (the Godel number of) an environment p' such that Env(// , |~er"|, u) 
holds. 

Although an environment is a sequence — not a set — of pairs, from this point on we make 
no reference to the order of the pairs in an environment. 

For a term, formula, or sequent a and natural numbers p, u, the relation Env(/9, \a~\ , u) 
and the function BdEnv( \o~~\ , u) are S^-definable. Also, if t is a term and p is an environment 
for t, we can extend p to t by recursion on the construction of t, as follows: 

p(0) := (3.1) 

p(f(h,...,t k )) :=f(p(h),...,p(t k )) (3.2) 

For a fixed term t, the function that, given an arbitrary environment p' for t, maps p' to 
the value of p'(t) obtained by this method is definable in S\- For a fixed environment p, 
however, the function that, given an arbitrary term t' such that p is an environment for t', 
maps t' to the value of p(t') obtained by this method is not definable in S2 , since there are 
sequences of such terms t' for which the values of p(t') increase exponentially in the length 
of t'. 

Definition 3.2. Let t be a term of S 2 E, let p be an environment for i, and let u G N. A 

p-valuation tree for t which is bounded by u is a tree w that satisfies the following conditions. 
(1) Every node of w is of the form ( \tf\ , c) where tj is a subterm of t, c G N, and c < u. 
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(2) Every leaf of w is either (|~0],0) or (\a],p(a)) for some variable a in the domain of p. 

(3) The root of w is ( \t] , c) for some c < u. 

(4) If (\f(ti, . . . , t n )~\ , c) is a node of w, then the children of this node are the nodes 
(\ti~\ , d\), . . . , (\tn\ , <i n ) which satisfy the condition c = /(rfi, . . . , d n ). 

If the root of a p- valuation tree w for t is ( , c) , we say the value of w is c. 

The statement that t converges to the value c (and c < u) is defined by the T,\ formula 
which expresses that the following relation (which we denote by v (\t~\ , p) ^ u c) holds: ll 3w < 
s([t],w) such that w is (the Godel number of) a /j-valuation tree for t which is bounded by 
u and has root {\t~\,d}," where s(\t~\,u) is a term whose Godel number bounds (the Godel 
numbers of) all /^-valuation trees for t which are bounded by u. 

Here are some simple facts about the relation v(\t~\,p) l u c. 

Lemma 3.3. For a term t, an environment p for t, and u £ N, the following statements 
are provable in S\ ■ 

(1) Ifv(\t],p) lu c and v(\t], p) l u c' , thenc = c'. 

(2) If f is an n-ary function such that t = ft\---t n for terms tx,...,t n and we have 
v( \f(ti, . . . , t n )1 , p) Xu c, then there exist d\,...,d n such that f(d\, . . . ,d n ) = c and 
v(\t{\,p) iu di,... ,v(\tn\,p) iu dn- 

(3) v([0],p)U0 

(4) For every variable a that occurs in t, v(\a\,p) i p ( a ) p{p)- 

(5) If v(\t~\,p) ^ u c and p' C p is an environment for t, v(\t],p') | M d and c = d . 

Lemmata 13. 4| 13.51 and 13.61 are key properties of v that are used in our proof of the 
consistency of strictly i-normal proofs (Subsection I3.4H . Lemma E3] states that substitution 
is provably equivalent to assignment. Lemma 1331 states that the relation v(\t],p) l u c is 
closed upward with respect to u. Lemma I3T61 states that if u is sufficiently large, the relation 
v(\t], p) l u c coincides with the valuation of t. 

Lemma 3.4. For terms t(a,a) and t'(a) such that the variable a occurs in t and is not in 
a, the following is provable in ■ 

■u([t(a,t'(a))],p) iu CO 3d < u,v([t'(a)],p) |„ d A v(\t(a, a)] , p[a h-> c']) | u c 
Proof. By induction on the contraction of t. 

□ 

Lemma 3.5. The following statement is provable in S^: "If v(\t], p) -l u c and u < u', then 
v(\t\,p) lu> c" 

Proof. The lemma holds since if p-valuation tree w is bounded by u, then it is bounded by 



Lemma 3.6. Let t be a term of S\E, let t\, . . . ,t m be an enumeration of all the subterms 
of t. Then the following statement is provable in S\'- "For any environment p for t and 
u € N, if p(tj) < u for every j, then v(\t],p) i u p(t) holds; and if p(tj) > u for some j, 
then v(\i],p) ^ u c does not hold for any natural number c < u.". 

Proof. If p(tj) < u for every j, we can construct a p- valuation tree for t which is bounded 
by u, by induction (outside of S%) on t. If p(tj) > u for some j, then there is no p- valuation 
tree for t which is bounded by u and this fact can be proved in Sr,- Q 
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3.3. Truth definition inside S 2 . In this subsection, we give a "bounded" truth definition 
for quantifier-free formulae, and then we extend the definition to the formulae i-normal 
formulae [E], [T7], [H]. 

First, we present a truth definition for quantifier-free formulae. Since logical symbols 
can be arbitrarily nested, we follow the same strategy that was used in our definition of 
valuation for terms. We attach a truth value to each node of a subformula tree, and we 
define the value attached to the root (the node that represents the entire formula) as the 
truth value of the formula. 

Definition 3.7. Let A be a quantifier-free formula of S 2 ~ 1 E, let p be an environment for 
A, and let u G N. A p-truth tree for A which is bounded by u is a tree w that satisfies the 
following conditions. 

Every leaf of w has one of the following five forms (where in each form the possible 
values of e are and 1): {\h < t 2 ],e), {\h gt 2 l,e), (\h=t 2 ],e), {\t 1 ^t 2 ],e), (\Et],e). 

For a leaf of the form (\ti < t 2 ],e), e = 1 if 3ci,c 2 < u, v(\t{\,p) |„ c\, v(\t 2 ],p) |„ c 2 , 
and ci < c 2 ; otherwise, e = 0. 

For a leaf of the form (\tx ^ t 2 ],e), e = 1 if 3ci,c 2 < u, v(\t{\,p) i u ci, v(\t 2 ],p) | n c 2 , 
and ci j£ c 2 ; otherwise, e = 0. 

The conditions that must be satisfied by a leaf of the form ( \ti = t 2 ~\ , e) or ( \t\ ^ t 2 ~\ , e) 
are the obvious analogues of those for (\t\ < t 2 ~\,e) and (\t\ ^ i 2 ],e), respectively. 

For a leaf of the form {\Et],e), e = 1 if 3c < u, u([i],p) J, u c; otherwise, e = 0. 

Every intermediate node r of w is of the form (\Ai A A 2 ],e) or (\A± V A 2 ~\,e), where 
the children of r are the nodes (|~Ai],ei) and (|~A 2 ],e 2 ). 

For a node of the form (\A\ A A 2 ~\ , e), e = 1 if e% = 1 and e 2 = 1; otherwise, e = 0. 

For a node of the form (\A\ V A 2 ] , e), e = 1 if e% = 1 or e 2 = 1; otherwise, e = 0. 

The root of w; is (|\A],e) for some e £ {0, 1}. 

The truth of a quantifier-free formula A is defined by the T>\ formula T_i(u, |~A],p) 
which expresses that ll 3w < s([~j4],-u) such that w is (the Godel number of) a p-truth tree 
for A which is bounded by u and has root ( \A~\ , 1) ," where s( \A~\ , u) is a term which bounds 
(the Godel numbers of) all p-truth trees for A which are bounded by u. 

We can prove several basic properties of the truth definition T—\. 

Lemma 3.8. The following statements are provable in S 2 . 

(1) T_i(n, \ti < t 2 ],p) O 3ci,c 2 < n,u([ti],p) | M ci A u(|~i 2 ~|,p) U c 2 Ac 1 < c 2 

(2) T_i(u, fa % t 2 ],p) O 3ci,c 2 < n,u([ti],p) | M d A v(\t 2 ],p) j„ c 2 Ac 1 ^- c 2 

(3) T_i(u, [ti = i 2 ~|,p) O 3ci,c 2 < n,u([ti],p) | M ci A v(\t 2 ],p) l u c 2 A ci = c 2 

(4) T_i(u, fa / i 2 ],p) O 3ci,c 2 < u,v(\t{\,p) iu ci A v(\t 2 ],p) l u c 2 A ci / c 2 

(5) T_!(u, [^1,p) o3c< u, «([*!, p) | u c 

(6) T_i(u, [^i A A 2 ] , p) o T_x (u, \A{] , p) A T_i(u, [A 2 ] , p) 

(7) T_i(u, [Ai V A 2 ] , p) 4* T_i (u, [Ai] , p) V [A 2 1 , p) 

(8) r_i(u, [A(a,i(a))],p) «3c< «, v([t(a)],p) ^cAT^fii, fA(3,o)l,^[a ^ c]) 

(9) If p' C p is an environment for A, T_i(u, |~A~|,p') O T_i(u, |\A],p) 

Lemmata 13.91 13.101 13.111 and 13.121 are key properties of T_i that are used in our 
consistency proof. Lemma [3.91 states that substitution is provably equivalent to assignment. 
Lemma 13.101 states that T_i is closed upward with respect to u. Lemma 13.111 states a 
reflection principle for T_i. Lemma 13.121 states the law of the excluded middle. 
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Lemma 3.9. Let A be a quantifier-free formula in which the variable a occurs, and let t 
be a term. Then the following statement is provable in S^-' "T_i(u, if and only if 

there exists c<u such that v(\t~\,p) l u c and T_i(-u, \A(a)~\,p[a h-> c])." 

Lemma 3.10. For a quantifier-free formula A, it is provable in that T_i(u, [~^4],/)),u < 
u'^T^(u',\Alp). 

Proof. Induction on the construction of A, using Lemma 13.51 for basic formulae A, and 
clauses 6 and 7 of Lemma 13.81 for other quantifier-free formulae. □ 

We can prove that T_i is a truth definition by showing a kind of reflection principle for 

T-i. 

Lemma 3.11. Let A{a) be a quantifier-free formula, let A' (a) be the interpretation of A(a) 
which is given in Definition \2. 7| and let t\, . . . ,t m be an enumeration of all the subterms of 
the terms that occur in A(a). Then the following statement is provable in S\: "If p be an 
environment for A, u € N and p(tj) < u for every j, then T_i(u, \A(a)\,p) o A'{p{a)); 
and if p(tj) > u for some j, then -iT_i(u, \A(a)~\,p)." 

Proof. Induction on the construction of A, using Lemma 13.61 for basic formulae A. □ 

Lemma 3.12. If p is = or <, it is provable in 5^ that if T_i(ii, \Eti\,p) for i € {1,2} 
hold, then either T_\(u, \p(ti,t2)~\, p) orT_i(u, \—>p(ti, £2)] , p) holds. 

Next, we would like to present a truth definition for formulae. However, since it is 
technically difficult to do this for general Ti\ formulae, we restrict our definition to i-normal 
formulae. Since i € {—1,0,1,2,...}, we have — 1-normal formulae, 0-normal formulae, 
1-normal formulae, 2-normal formulae, and so on. 

Definition 3.13. Let i > —1, and let A(a) be a formula. 

If i = —1, A(a) is pure —1-normal if A(a) is quantifier free. 
If i > 0, A{a) is pure i-normal if it is of the form 

3x± < t\{a)\/x2 < t2(a,xi) • • • 

QiXi < ti(a,xi, . . . ,Xi-i)Qi + ix i+ i < \t i+ i(a,xi, . . . ,Xi)\.A (a,xi, . . . ,x i+ i), 

where Qi is V if i is even, and 3 if i is odd (and vice versa for Qi+i), and Ao(a, x\, ■ ■ ■ , Xj+i) 
is quantifier free and does not contain the predicate E. Note that if i > 0, then a pure 
i-normal formula has at least one quantifier, so quantifier- free formulae are not pure i- 
normal. Also note that unlike the variables x%,...,Xi (which are bounded by the val- 
ues of the terms ti,...,t{, respectively), the value of the variable Xj + i is bounded by 
\ti + i(a, xi, . . . , Xi)\, that is, by the number of bits in the binary representation of the value 
of the term tj+i(a, x\, . . . , Xj). 

If i = —1, A(a) is i-normal if it is quantifier free. 

If i > 0, A(a) is i-normal if it is a subformula of a pure i-normal formula or is Et for 
some term t. In other words, A{a) is either an S-form, a quantifier-free formula that does 
not contain E, or a formula of the form 

Qj^j — (<2, X\ , . . . , Xj — \ J • • • QiXi ^ t{ (tt, X\ , . . . , X^~\ j 

Qi+\Xi+\ < \t i+ i(d,xi, . . . ,Xi)\.A (a,xi, . . . ,Xi+i), (3.3) 
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where Ao(a, x±, . . . , Xi+i) is quantifier free and does not contain E; 1 < j < i + 1; and for 
every /c with j < /c < i + 1, Qk is either V or 3, according as k is even or odd. If j = i + 1, 
the above formula is Qj+iXj+i < |ij+i(a, xi, . . . , Xj)|.^4o(a> ^i> • • • > £«+i)- 

The following is a truth definition Tj(ii, \B~\,p) for i-normal formulae -B. First, we 
define a truth definition Tn for i-normal forms with I quantifiers. 

Definition 3.14. Let i > —1, let B be an i-normal formula with / quantifiers. Note that 
< / < i + 1. We define Tij(u, \B~\,p) by recursion on / in the meta-language. 

If / = 0, then B is quantifier free, so T(u, |~TT|,p) = T_i(u, |\B],p). 

If / > 1, then 

B = QjXj < t.A(a,xi, . . . ,Xj), 
where j = i + 2 — /; t = tj(a,x\, . . . , if j < i + 1, and i = |£j + i(a, xi, . . . , Xi)\ if 
j = i + 1; and ^4(a, x\ . . . , Xj) is an i-normal formula with / — 1 quantifiers. Assume that we 
have defined Tj^_i(u, \C~\,p) for all i-normal formulae C with / — 1 quantifiers. We define 
T i: i(u, \B~\,p) to be the following formula. 

3c < u, v(\t] ,p)l u cA Qjdj < c.Ti(u, \A(a, x\, . . . , Xj)] , p[xj i-> dj]) 

Then, let INQ(|\B],Z) be a formula which represents "B is an i-normal form with I 
quantifiers", we define Tj(n, \B],p) as 

{INQ( \B] , 0) d r ii0 («, ^1 , p)} V . . . V {INQ(rBl , i + 1) D r M+1 (u, [5] , p).} (3.4) 

Since we can contract successive 3 quantifiers into a single 3 quantifier, Ti(u, \B~\,p) is 

yb 

Lemmata 13. 151 and 13. 161 are key properties of Tj that are used in our consistency proof. 
Lemma 13.151 states that substitution is provably equivalent to assignment. Lemma 13.161 
states that Tj is closed upward with respect to u. 

Lemma 3.15. Let A be an i-normal formula in which the variable a occurs, and let t be a 
term. Then the following statement is provable in S%: Ti(u, \A(t)~\,p) if and only if there 
exists c<u such that v(\t~\,p) \ u c and T(n, [A(a)],p[a h-» c])." 

Proof. Easy consequence of Lemma 13.91 □ 
Similarly, we can use Lemma 13.101 to prove upward closedness of Tj with respect to u. 

Lemma 3.16. For an i-normal formula A, it is provable in S"^ that Ti(u, \A~\ , p) Au < u' — > 
Ti{u', \A],p). 

As the clause 9 of Lemma 13.81 if P contains variables other than free variables which 
occurs in A, we can ignore such variables. 

Lemma 3.17. For an i-normal formula A, environments p for A and p C p' , it is provable 
in S\ that T(u, \A],p) O T(u, \A] , p') . 

By definition of Tj, we see that we can take the outermost quantifier of an i-normal 
formula whose Godel number is the second argument of T and move it to the outside of Tj . 

Lemma 3.18. Let Vx < t.A(x) and 3x < t.A(x) be i-normal formulae with at least one 
quantifier (and whose outermost quantifier is of the indicated type). Then the following is 
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provable in S^- 
Ti(u, [Vx < t.A(x)],p) O 

3c < u,v(\t],p) U c A Vd < c.Ti{u, \A(a)],p[a ^ d]) (3.5) 

Ti(u, \3x < t.A(x)],p) 

3c <u, v(\t],p) l u c A 3d < c.Ti{u, \A(a)],p[a h-> d]) (3.6) 

3.4. Strictly i-normal proofs and their consistency. Since we have defined truth for 
i-normal formulae only, we can define soundness for only those proofs that consist entirely 
of i-normal formulae. We call such proofs strictly i-normal, and we use the term strictly 
i-normal proof tree for V — > A to mean a tree w which represents a proof of T —> A. In 
such a tree, every node r has the form (R, \T r — >■ A r ] , w\, . . . , where R is a name of 

inference, T r — > A r is the conclusion of the inference, and l(R) is a number of premises of 
R. If l(R) = 0, the node has the form (R, \T r ->■ A r ]). 

Definition 3.19. An S^E proof is strictly i-normal if all formulae contained in the proof 
are z-normal. The property u w is (the Godel number of) a strictly i-normal proof tree for 
r — > A" is A^-definable. We write i-Prf(w, [T — > A]) for the A* formula that defines this 
property. 

Proposition 3.20. Let T — > A be a sequent comprised entirely of i-normal formulae, and 
let u, w G N such that i-Prf(w, [T — > A]) holds, w < u, and the binary representation of u 
is of the form 11 • • • 1, that is, all the bits are 1. Then for every node r of w, the following 
holds (where p denotes an environment as well as its Godel number and T r — >• A r denotes 
the conclusion of the subproof which corresponds a node r). 



Mp < BdEnv( |T r A r ] , u) Env(p, |T P A r ] , u) D 

Vn' <uQr{[VA G T r , T^u', \A],p)\ D [3B G A r , T,{u' r, [Si,/?)]}] (3.7) 
Furthermore, this is derivable in S^ 2 ■ 

Proof. We prove the proposition by tree induction on r. Since the formula in (|3.T|) is n^ +2 , 
our proof can be carried out in S^ 2 . 

Let p < BdEnv([~rY — > A r ],n), assume that Env( / o, |T r — > A r ],n), and let v! < u r. 
Note that u > r, since u > w > r. Therefore, u'(Br<uQr(Br<u, since all the bits in 
the binary representation of u are 1. We use this fact throughout this proof. 

We prove that if VA G T r , Ti(u' , \A],p) holds, then 3B G A r , Ti(v! r, \B],p), by 
considering all possible forms for the last inference in the derivation of T r — > A r . 



Identity rule: 



Id 



A -> A (3.8) 
Assume that Tj(u', |"^4],p). Then, by Lemma P3. 161 Ti(v! @r, \A~\,p). Hence, r satisfies (|3.7p . 
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Axiom rule: 

T(s(a)) A(s(a)) ' (3.9) 
where r(s(a)) — > A(s(o)) is a substitution instance of an axiom. 

Since there are only finite many axioms, we use case analysis on the axiom which derives 
this substitution instance. Assume that MA £ T,Ti(u', \ A(s(a))~\ , p) . Let F(b) — >■ A(6) be 
the axiom into which the substitution was made. By the assumption on A, this axiom 
satisfies the boundedness conditions (Definition 12.9ft . Moreover, its standard interpretation 
(given in Definition 12.7ft is derivable in S^~ 2 . 

By the first boundedness condition, all the formulae in T and A are basic. Let b = 
b\, . . . ,bi and s(a) = s\(d), . . . , si(a), where Sfe(a) is the term that was substituted for the 
variable bk in the application of the axiom rule (k = 1, . . . ,1). By the second boundedness 
condition, bk occurs in T, so by Lemma T3.15I 3dh < v! such that v( \sk(a)~\ , p) \ u > dk (k = 
1, . . . , 0, hence MA £ T, T^u', \A(b)~\ , p[b ^ d]). 

Let tr(b) be the subterms of the terms that occur in T(6), and let t&(b) be the subterms 
of the terms that occur in A (6). Since all formulae occur in T and A are basic, b are all 
variables contained tr{b) and T(b). Since the function symbol of S\E is definable in S\, we 
can view the terms in ir(^) an d ^a(^) as terms of S^- By the third boundedness condition, 
the relation 

max{4(6)} < a ■ max{f r (&)} (3.10) 

is provable in S^. 

Since MA G r,Tj(n', |^4(&)~|, p[b h-> d]), we have m&x{tr(d)} < v! . By Lemma T3.1H we 
have that, for every A in T, A{d) is true (in the meta-language) . Since T(d) — > A(d) holds 
(in the meta-language), there is some B in A such that B{d) is true (in the meta-language). 
Since we can take a to be 4, we have max-j^A^)} < 4 • v! < v! ® r. Let c = FV (B{b)). 
Then Ti(u' r, [5(c)], p[c i— > d] holds by Lemma 13. 18L By Lemma 13.51 and the fact that 
v( \sk(a)~\ , p) i u > dk (k = 1,...,/), we obtain v(\sk(a)~\, p) iu'er dk- Using that result and 
Lemma f3. 151 we have Ti(u' © r, \B(s(a))~\ , p), so we are done. 

Structural rules: 

: ri 
T ^ A 

^,T^A (3.11) 

Assume that Ti{u' , \A],p) and V-B € T,Ti(u', \B],p). Let p\ be the subsequence of p such 
that Env(pi, [r ri — > A ri ],u). Then p\ < BdEnv([r ri — > A ri ],n) and by Lemma 13.171 we 
have MB £ F,Ti(u', \B~\,pi). By the induction hypothesis applied to r\ together with the 
fact that v! < u Q r < uQ r\, there is some B in A such that T{(u' © r%, \B~\,pi) holds, 
hence Ti(u' © r%, \B~\ , p) holds as well because of Lemma [3. 171 By Lemma [3.161 and the fact 
that v! © n < u' © r, we are done. 

The proof for the other weakening rule is similar, and the proofs for the remaining 
structural rules are trivial. 
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-rules: 

: n 

r ->■ A,'p(ti,t 2 ) 



-np(t!,t 2 ),r^A ' (3.12) 
where p is = or <. 

Assume that Tj(<i/, [->p(ti, t 2 )] , p) and Wl G T,Ti(u', \A\,p). Note that Env(p, \T n — > 
A ri ~\,u) holds, because the variables that occur free in r n — > A ri are precisely those 
that occur free in T r — > A r ; hence p < BdEnv([T ri — > A ri ~\,u). Moreover, u' < u © 
r < u © r\, so by the induction hypothesis applied to r\, either Ti(u' © r\, \p(t\, t%)~\ , p) 
holds or 3B G A,Tj(n' ffiri, \B~\,p). By Lemma f3. 161 and our assumption about -^(ii,^), 
Ti(u' © n, f~ip(ti,t2)l)P) holds, so Ti(v! © ri, [p(ii, £2)] > p) cannot also hold. Hence 3£> G 
A, Ti(u' © n, [-B] , p). Since u' © ri < u' © r, by Lemma f3. 161 we are done. 



: n 

p(ii,t 2 )",r->. A 



Et u Et 2 ,T^ A,^p(t u t2) (3.13) 
where p is = or <. 

Assume that T;(u', f^i] , p), Tj(u', [£?t 2 l > p), and Vvl G r, Tj(u', \A] , p). If 3£ G 
A, Tj(u' © ri, |\B],p), we are done, so assume otherwise, that is, for every B G A, Tj(u' © 
7*1, f-B],p) does not hold. Note that, just as in the proof for the L-i-rule, Env(p, |T ri — > 
A ri ],u) holds and p < BdEnv([T ri — )■ A ri ~\,u). Moreover, u' < u r < u T\. Hence, by 
the induction hypothesis applied to n, Ti(u', 5 5 p) does not hold. By Lemma T3. 121 
and our assumption about and -Ei2> Ti(u', \-ip(t%, t 2 )l , p) does hold. Hence by Lemma 
13.161 we are done. 

A-rules: 

: n 

Ar'-> a 

L Ai 



AAB,r^A 1 (3.14) 
Assume that r»(u', [.4 A 5],p) and VC G T,Ti(u', \C],p). Note that since 4 A B is 
an 7-normal formula, by Definition 13.131 it is quantifier free, hence Tj(n', \A A B~\,p) -B- 
r_i(u', [AAB],p). By Lemma ESI we have Tj(it', |~yT|,p). Let pi be the subsequence of p 
such that Env(pi, \T n — > A n ],ti). Then we have Ti(v! , |~A~|,pi) and VC G r,Tj(u', |~C],pi) 
by Lemma 13.17} in addition, p\ < BdEnv([T ri — > A ri ~\,u). By the induction hypothesis 
applied to r\ together with the fact that v! < u © r < u ri , there is some D G A such 
that Tj(n' © r\, \D~\ , pi) holds. Then T,i{u' © ri, [D] , p) holds as well by Lemma f3. 171 Since 
v! © 7*1 < u' © r, by Lemma 13.161 we are done. 
The proof for the L A2-rule is similar. 

: r\ : r 2 

r —>'a,a r-»'A,-g 

r -> a,aab Ra (3.15) 

Assume that VC G T, Tj(u', [C] , p). Let pi be the subsequence of p such that Env(pi, |T ri — > 
A ri ],7i). Then we have VC G T,Ti(u', \C~\,pi), and pi < BdEnv([T n — > A ri ],u). By the 
induction hypothesis applied to r% together with the fact that u' < u © r < u ri, either 
3D G A, Tj(u' © n, fDl.pi) or ^'©n, [^],pi). 



BOUNDED ARITHMETIC IN FREE LOGIC 



23 



Similarly, let p2 be the subsequence of p such that Env(/3 2 , \T r2 — > A r2 ],u). Then 
we have VC E T,Ti(u' , \C~\, P2), and P2 < BdEnv([r r2 — > A r2 ],u). By the induction 
hypothesis applied to r 2 together with the fact that v! < u Q r < u Q r2, either 3D G 
A, Ti(u' © r 2 , \D] , P2) or T;(u' r 2 , \B\ , p 2 ). 

If there exist j G {1, 2} and DeA such that T^u'Qrj, \D] ,pj), then T^u'ffir,-, \D] , p) 
holds by Lemma 13.171 Thus we are done by Lemma 13. 161 and the fact that v! © < -u' © r, 
so assume otherwise. 

Then both Ti(u' © n, [A] , pi) and Ti(u' © r 2 , [5] , p 2 ) hold. Thus we have both Ti(u' © 
ri, p) and Ti(u' © r 2 , \B~\,p), by Lemma [3.171 Since v! © r^t/ © r 2 < v! © r, both 
?i {v! © r, [A] , p) and Tj («' © r, , p) hold by Lemma 13.161 As noted in the proof for the 
L Ai-rule, the formula A A B is quantifier free. Thus by Lemma [3.81 and the definition of Tj, 
we have Ti(u' © r, [A A B] , p). 

V-rules: The proofs for V-rules are similar to the proofs for A-rules. 
Bounded V-rules: 

: ri 

t < s,Vx < s.A(x),r -t A ' (3.16) 
where the variable x does not occur in the term s. 

Assume that Ti(u',\t < s~\,p), [Vx < s.A(x)],p), and VB e I\Ti(u', \B\,p). 

Since Tj(u', [~i < s],p) holds, there are co,d such that v(\t],p) l u i cq, v(\s~\,p) X u > d, and 
Co < d. By Lemma l3.18l and the fact that v(\s] , p) i u / d, we have Vc < d, Ti(u', \A(a)~\ , p[a h-> 

c] ). In particular, Tj(V, [j4.(o)*| , p[a i-> co]), since Co < d. If a occurs free in A(a), we can 
apply Lemma |3. 151 to A{a) and obtain Ti(u', \A(t)~\,p). The conclusion is obvious if a does 
not occur free in A. 

Note that p is an environment for T ri — > A n , since every variable that occurs free 
in T ri — > A n also occurs free in T r — > A r , so let p\ be the subsequence of p such that 
Env(pi, [T n — > A n ],u). Then we have Tj(V, |\A(i)],pi) and VB £ T,Ti(u', \B~\,p\); in 
addition, p\ < BdEnv([T ri — > A ri ~],u). Thus there is some C in A such that Tj(u' © 
ri, \C~\,pi) holds, by the induction hypothesis applied to r\ together with the fact that 
u' < u © r < u r\. Hence we have Ti(u' © n, \C~\,p), because p\ is a subsequence of p. 
Since u' © r% < u' © r, by Lemma f3. 161 we are done. 

: n 

q<t,r^> A,A(o) 
St,T-> A,Vx<t.A(x) ' (3.17) 
where neither the variable a nor the variable x occurs in the term t, and a does not occur 
free in T — > A. 

Assume that Ti(u', \Et] , p) and VB £ T,Ti(u' , \B~\ , p). Since Ti(u', \Et] , /?) holds, there 
is some c < u' such that v(\t~\,p) l u / c. Let d be any natural number such that d < c. 
Then Tj(u', [a < i], p[a i-> d]) holds by Lemma [3.111 and the fact that T^u', [a < i], p[a i-> 

d] ) f-> T_i(n', [a < t],p[a 1— )• d]). Furthermore, since a does not occur free in T, we have 
VB €r,Ti(u',\B},p[a^d]). 

Note that p[a 1— > d] is an environment for T ri — > A ri , since every variable other than a 
that occurs free in r n — > A ri also occurs free in T r — > A r . Moreover, p[a 1— > d](y) < tt for 
every variable y that occurs free in r n — > A ri , since d < c < u' < u. Since Env(p, \T r — > 
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A r ~\,u), Env(p[a h-> d], [T ri — > A ri ],u) holds. By the induction hypothesis applied to 7*1 
together with the fact that u' < uQr < uQr\, either 3C € A, Ti(v! ffi r\, \C~\ , p[a i->- d]) or 
2;(y ©n, [A(a)l,p[a H^d]). 

If there is some C in A such that Ti(u' © n, [~C],p[a i— )• d]), then we have Tj(u' ffi 
rx, [C~|,p), since a does not occur free in D. Hence we are done by Lemma T3.16I and the 
fact that v! © T\ < u' © r, so assume otherwise. 

Then Ti(u' © n, |\A(a)],p[a h-> d]) holds. Since d was an arbitrary natural number less 
than or equal to c, by Lemma l3.18l we have Tj(it'ffiri, \\fx < t.A(x)~\ , p). Since ti'ffin < it'©r, 
we are done by Lemma 13.161 

Bounded 3-rules: 

: n 

q<f,A(q),r^A 

3x < t.A(a;),r ->• A ' (3.18) 
where neither the variable a nor the variable x occurs in the term t, and a does not occur 
free in T — > A. 

Assume that Tj(u', \3x < t.A(x)~\, p) and MB £ r,Tj(ii', |\B],p). By Lemma 13.181 there 
exist c,d such that d < c, u(|Y|,p) c, and Ti(u', \A(a)~\, p[a \-t d\). Then Tj(u', [a < 
£],p[a d]) holds by Lemma [3.111 and the fact that Tj(u', [~a < i],p[a i-> d]) = T_i(it', [a < 
i],p[a i-> d]). Since a does not occur free in T, we have VI? € r,Tj(V, [\B],p[a >->• d]). 

Note that p[a i— > d] is an environment for T ri — )• A n , and that p[a i— > d](y) < it for every 
variable y that occurs free in T ri — >■ A ri , since d < c < u' < u. Since Env(p, [TV — > A r ],u), 
Env(p[a t — ^ d], |T ri — > A ri ],tt). Thus by the induction hypothesis applied to ri together 
with the fact that u' < uQr < uQr\, there is some C in A such that Ti(v!®r\, \C~\ , p[a h-> d]). 
Since a does not occur free in C, we have Tj(V © rj, [C],p). Therefore, we are done, by 
Lemma 13.161 and the fact that u' © T\ <u'®r. 

: n 

r-^A,^(t) 

t < s, T ->■ A, 3cc < a.A(x) ' (3.19) 
where the variable x does not occur in the term s. 

Assume that Ti(v! , [t < s] , p) and V-B 6 r, Ti(u', \B~\ , p). Note that p is an environment 
for T ri — > A n . Let pi be the subsequence of p such that Env(px, |T ri — > A ri ~\,u). Then we 
haveV-B G r, Tj(it', [B],pi), and pi < BdEnv([r ri — > A n ],u). By the induction hypothesis 
applied to r\ together with the fact that u' < uffir < uQr\, either 3C G A, Ti(u'®ri, [~C] , pi) 
orT^u'ffiriJA^l^i). 

If there is some C in A such that T{ (y! ffi r\ , |~C] , pi ) , then we have Tj (u' ffi n , [C] , p) 
by Lemma 13.171 Hence we are done by Lemma 13.161 and the fact that u' © r\ < u' © r, so 
assume otherwise. 

Then we have Tj(u' © r±, \A(t)~\, pi), hence Ti{u' © r±, \A(t)~\,p) holds by Lemma f3. 171 
By Lemma f3. 151 there exists c such that v(\t~\,p) i u '(Bn c and Ti(u' ®r%, \A(a)~\,p[a i->- c]). 
Since Tj(u', |"t < s],p) holds, there exists d such that v(\s],p) i u > d and c < d. By Lemma 
13.181 Tj(n' ffi r%, \3x < s.A(x)~\,p) holds. Thus we are done, by Lemma T3.16I and the fact 
that u' ffi n < u' ffi r. 
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Cut rule: 

: r\ : r 2 



Cut 



r,n^A,A ^ (3.20) 

Assume that VB G T, II, Ti(u' , \B~\ , p). Let a be the variables that occur free in A but do not 
occur free in T r — > A r , and let p[a i— >■ 0] be the environment that extends p and maps every 
variable in a to (where p[a i— > 0] = p if a is empty). Note that p[a h-> 0] is an environment 
for r ri — > A ri , and that p[a \-> 0](y) < u for every variable y that occurs free in T ri — > A, n . 
Let /?i be the subsequence of p[a h-> 0] such that Env(pi, [T n — >• A ri ~|,u). Then we have 
\/B G r, Ti(u', \B~\,pi), and pi < BdEnv(|T ri — > A n ],ti). By the induction hypothesis 
applied to ri together with the fact that v! < uQr < uQr\, either 3C G A, Tj(u'ffiri, [C] , pi) 
or T^u'eri, [A],pi). 

If there is some C in A such that Tj (u' © ri , |~C] , p\ ) , then we have Tj (u' © r\ , |~C] ,p[a i-> 
0]) because pi is a subsequence of p[a (->■ 0] and by Lemma [3.171 Furthermore, Tj(u' © 
t*i, |~C~|,p) holds by Lemma 13.17} since none of the variables in a occurs free in C. Thus 
Ti(u' © r, |~C],p) by Lemma f3, 161 and the fact that u' © 7*1 < 7i' © r. Hence we are done, so 
assume otherwise. 

Then we have Ti(u' © 7*1, |~^4],pi), so Tj(u' © rr, [A],p[a i->- 0]) holds by Lemma T3.17I 
because pi is a subsequence of p[a h-> 0]. By our assumption about II, we have Vi? G 
II, Ti(u', \B~\ , p[a h-> 0]) by Lemma f3.17[ because p is a subsequence of p[a h-> OJ. By Lemma 
I3T61 we have V£ G II, Ti(v! © n, f-Bl , p[a i-> 0]). 

Note that p[a 1— >■ 0] is an environment for r r2 — > A r2 , and that p[a *— > 0](y) < u for every 
variable y that occurs free in r r2 — > A r2 . Let p 2 be the subsequence of p[a »->• 0] such that 
Env(p2, rr r2 — > A r2 ],u). Then we have T, (u' © v\ , [A],p2) and VS G n, Tj(u'ffi 7*1, |\B],p2); 
in addition, p2 < BdEnv([T r2 — > A r2 ~\,u). 

Our choice of Godel numbering, together with the fact that r% and T2 are Godel numbers 
of nonempty subproofs of T r — > A r , ensures that \r\ © r2 1 < \r\. Since u' < u r, we have 
|u' © ri I < \u © r © 7*1 1 < |u © (7*1 © © ri| = | it O 7*2 1 , hence u'ffi 7*1 < uQ r^- 

By the induction hypothesis applied to 7-2 together with the fact that u' © 7*1 < it 7*2, 
there is some D in A such that Ti(u' (B r% © 7*2, [-D],p2)- Then we have Tj(u' © r\ © 
r2, [-D],p[a 0]) by Lemma T3.171 because P2 is a subsequence of p[a i-» 0]. Furthermore, 
Tj(u' © ri © 7*2, \D~\ , p) holds by Lemma f3, 171 because none of the variables in a occurs free 
in D. Since |n © r2| < |r|, we have 7/ © ri © r2 < v! © r, so T%(v! © r, [D] , p) by Lemma 
13.161 Hence we are done. □ 

Theorem 3.21. Let i -Con = "iw.— ii-Prf(w, which states that there is no strictly 

i-normal proof of the empty sequent — K T/ien 

5^ +2 hi-Con (3.21) 

Proof. We informally argue inside of S 1 ^ 2 . Assume that 7-Prf(t/;, [—>•]) holds for some w. 
Let it be as in the statement of Proposition 13.201 let p be the empty environment, and let r 
be the root of w. Then we obtain [\/A G T r , Ti(u', \A],p)\ D [3B G A r , Ti{v! © r, \B],p)\. 
However, both T r and A r are empty. Therefore, we obtain [VA G 0,Tj(u', [^4],p)] D [35 G 
0, Tj(u' © r, |"5"],p)]. Since there is no ^4 G 0, the premise is true. But since there is no 
B G 0, the conclusion cannot be true. This is a contradiction. Therefore, the formula 
Vw.^i-Prf(w, [—>•]) holds. □ 
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4. Bootstrapping Theorem of S 2 E 

In this section, we establish the correspondence between S\E and S\. We show that S 2 E 
has essentially the same strength as S\ if i > 1- The theorem which establishes the corre- 
spondence is called the Bootstrapping Theorem (Theorem I4.2p . following Buss' use of the 
term "bootstrapping" in [5j, since we bootstrap from the restricted set of axioms of S 2 E to 
the full power of S 2 . 

We present a proof of the theorem in four "phases" of bootstrapping. In the first phase, 
we show that all the functions of S2 E are provably total. Each of the remaining phases 
applies to a particular class of inferences of S 2 , an d we show that all the inferences covered 
in each phase are admissible in S 2 E (if properly translated from S 2 to S 2 E), that is, that 
if all the premises of an inference covered in a given phase are provable in S 2 E, then the 
conclusion of that inference is also provable in S 2 E (Definition 14. 7p . The Bootstrapping 
Theorem (Theorem 14. 2h then follows from the fact that every inference of S 2 is treated in 
some phase of the bootstrapping. Even the axioms are included in this, since an axiom is 
just a rule of inference with no premise. 

4.1. Translation of theorems of S 2 . In this subsection, we introduce a translation of S 2 
formulae to the language of S 2 E and state the Bootstrapping Theorem (Theorem I4.2p . 

Definition 4.1. The formulae of S 2 are translated into formulae of S 2 E by replacing every 
formula of the form A D B with one of the form —>A V B, and using De Morgan duality 
to replace every formula of the form —>A with a logically equivalent formula in which every 
subformula prefaced with the negation symbol is of the form t± = t<i or t\ < ti- We 
call this translation the ^-translation and denote the ^-translation of A by A*. Formally, 
the *-translation is defined as follows. 

(1) {p{t u t 2 )Y = p{hM) if Pis = or <. 

(2) H?(ii,i 2 ))* = ->p(ti,t2) if P is = or <. 

(3) (A A B)* = A* A B*. 

(4) (Ay B)* =^A* V B*. 

(5) (-'A)* = (A)*, where A is the De Morgan dual of A. 

(6) (A D B)* = (A)* V B*. 

(7) (Vx < LA)* = Vx < LA* and (3x < LA)* = 3x < t.A*. 

(8) [Vx.A)* = Vx.A* and (3x.A)* = 3x.A*. 

r* is the sequence of formulae which is obtained by applying * to the formulae in the 
sequence T. 

The sequent r — > A is translated to the sequent (r — > A)* = Ea,T* — > A*, where a 
are the variables that occur free in T — > A. 

The following theorem states that S 2 E proves the *-translations of sequents derivable 
in S\ if % > 0. 

Theorem 4.2 (Bootstrapping Theorem). If i > 1 and S 2 proves a sequent T — > A, then 
S\E(T,A) proves its ^-translation (V — > A)* if T and A satisfy the conditions presented 
in Subsections [Kl\ and Un^ respectively. 

The rest of this section is devoted to a proof of the Bootstrapping Theorem. To simplify 
the notation, we write S 2 E for S\E(F } A) 
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4.2. Bootstrapping Phase I: S\E proves totality of its functions. In this subsection, 
we prove that if i > 0, all the functions of S\E are provably total, that is, that S\E h Ea — > 
Efa for every function symbol / € T . The proof is by induction (in the meta-language) on 
the definition degree of / (Definition 12. 3p . 

Proposition 4.3. If i > 0, then for every n-ary function symbol f of S^E, S\E proves 

Ea^Efa, (4.1) 

where a = oi, . . . , a n . 

The reason for specifying that i > is that in the proof we apply the PIND rule to Sq 
formulae of S^E. 

It follows from this proposition that if all the variables in a term of S\E converge, then 
the term itself converges. 

Corollary 4.4. Let t be a term of S\E. If ax, ... ,a n are the variables that occur in t, then 
the following holds if i > 0. 

S\E h Eax, . . . , Ea n -> Et (4.2) 

Proof of Corollary \4-4\ Induction on the construction of t. 

The base case t = 0: This is immediate, since —> E0 is Axiom f|2. 16j) . 

The base case t = a\: This is also immediate, by Identity (Ea± —> Ea\). 

Induction step t = ft± ■ ■ ■ t m : We assume that the corollary holds for t±, . . . , t m . Then 
for every j, we have an S l 2 E proof of Ea±, . . . , Ea n — > Etj by the induction hypothesis 
(together with Weakening if at least one of the variables a±, . . . ,a n does not occur in tj). 
Let bi, . . . , b m be variables. By Proposition 14.31 we have Eb±, . . . , Eb m — > Efb\ ■ ■ ■ b m . By 
the Substitution Lemma (Lemma I2.16|) . we have Eti, . . . , Et m — > Eft\ ■ ■ ■ t m . Applying 
Cut m times (once for each j), followed by Contraction every time but the first, we obtain 
Eai,...,Ean-* Eft\...t m . □ 

The rest of this subsection is devoted to a proof of Proposition 14.31 

Proof of Proposition \4~3\ The proof is by induction on d(f), the definition degree of the 
function /. 

Base case: d(f) = 0. If d(f) = 0, then / is either the constant function n , a projection 
function proj£, one of the binary successor functions so ; s i- 11 / is n , then 

Ea,E0^0 n { ai ,...,a n ) = (4.3) 

is an axiom (See Definition 12. 14|) . By — > E0 (Axiom (|2.16p ) together with Cut, we have 
Ea n (ai, . . . , a n ) = 0. Using a substitution instance of Axiom (j2.8|) with p set to =, 
we can derive n (ai, . . . , a n ) = — > E0 n (ai, . . . ,a n ). Thus, we obtain Ea±, . . . , Ea n — > 
E0 n (ai,. . . ,a n ) by Cut. 
If / is proj^, then 

Ea ->• proj^(ai, . . . ,a n ) = a k (4.4) 
is an axiom. Using a substitution instance of Axiom (|2.8p with Cut, we can derive 

Eai, . . . ,Ea n £proj£(ai, . . . ,a n ). (4.5) 

If / is a binary successor function Sj for some j € {0, 1}, then Ea — > Esja is a data 
axiom (Definition 12. 12j) . 

Induction step: / is defined either by recursion or by composition. We first consider 
the case of composition. 
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Assume that / is defined from functions g, hi, . . . , h m by composition. Then the defining 
axiom for / has the following form. 

Ea,Eg(hx(a),... ,h m {a)) -> /(a) = g(hi(a), . . . ,h m (a)) (4.6) 

By the induction hypothesis, S\E proves 

Eb 1 ,...,Eb m ^Eg(b 1 ,...,b m ), (4.7) 

where bi, . . . ,b m are variables not in {ai, . . . , a n }, and 

Eai, ... , Ea n ->■ Ehj(a±, ... ,a n ) (4.8) 

for j € {1, ... , m}. 

Substituting hj(a\, . . . ,a n ) for frj (j = l,...,m) in (|4.7p and using the Substitution 
Lemma (Lemma 12. 16j) . we obtain an S\E proof of 

Ehi(a\, . . . , a n ), . . . , Eh m {a\, . . . , a n ) — >• 

Eg(h 1 (a 1 ,. . .,a n ), . . .,h m (ai,. . .,a n )). (4.9) 

Applying Cut to (|4.9p and f|4.8j) m times (once for every j), followed by Contraction 
every time but the first, we have an S\E proof of 

Ed!,... ,Ea n -)• Eg(hi(ai,... ,a n ),... ,/i m (ai,... ,a n )). (4.10) 

Applying Cut to (|4.1U|) and (|4.6|) . followed by Contraction, we have 

Eat, ■ ■ -,Ea n -)■ /(a) = g(hi(a),.. .,h m (a)) (4.11) 

Finally, using a substitution instance of Axiom (|2.8h together with Cut, we obtain an S'l-E 
proof of 

Eai,...,Ea n ^ Ef(a u a n ). (4.12) 
Next, we consider the case where / is defined from functions g,ho,h\ by recursion. 
Then the defining axioms for / have the following forms. 

Ea,Eg(a)^ f(0,a)=g(a) (4.13) 
Ea, Ehj(a, f(a,a),a) — > f(sja,a) = hj(a, /(a, a), a) (4-14) 

where j G {0, 1}. 

By the induction hypothesis, S\E proves 

Eai, . . . ,Ea n ->■ Eg{ai,. . . ,a„) (4.15) 

and 

Ea, Eb, Ea\, ■ ■ ■ , Ea n — > Ehj(a, b,a\, . . . , a n ), (4-16) 
where b is a variable not in {a,a\, . . . ,a n } and j G {0,1}. Applying Cut to (|4.15p and 
(|4.13p . followed by Contraction, we obtain 

Eai, ■ ■ ■ ,Ea n -)• /(0,ai, . .. ,a n ) = g(ai, ...,a n ) (4.17) 
Using a substitution instance of Axiom (|2.8p and Cut, we can derive 

Eai,...,Ea n ^ Ef{0,a l7 ...,a n ) (4.18) 
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Substituting f{a, a%, . . . , a n ) for b in (14.16P and using the Substitution Lemma (Lemma 
I2.16p . we obtain S\E proofs of 

Ea,Ef{a,a\, . . . ,a n ),Eai, . . . ,Ea n -> 

Ehj(a, f(a,ai, . . . ,a n ),ai, . . . ,a n ) (4.19) 

for j G {0, 1}. 

Applying Cut to this result and (|4.14p . together with totality of Cond ©, and k, we 
obtain 

Ea, Ef(a, a),Ea — > f(sja, a) = hj(a, /(a, a), a) (4.20) 

for j € {0, 1}. Using a substitution instance of Axiom (|2.8j) together with Cut, we have 
S l 2 E proofs of 

Ea, Ef(a, oi, . . . , a n ),Eai, Ea n -> Ef(s a, a 1 ,...,a n ) (4.21) 
Ea, Ef(a, a 1 ,..., a n ),Eai, Ea n -> Ef(sta, at,..., a n ). (4.22) 

Applying the X^-PLND-E rule (p3UD to gUD, dOTjl . and and setting f to a, 

we have an S 2 E proof of 

Ea,Eai,. . . ,Ea n -> Ef(a,ai, . . .,a n ). (4.23) 
This completes the induction step. 

□ 

4.3. Bootstrapping Phase II : S\E proves *-translations of axioms of S\. In Boot- 
strapping Phase II, we prove the *-translations of axioms of S\ in S\E. There are two kinds 
of axioms: equality axioms and BASIC axioms. 

Proposition 4.5. The * -translations of the equality axioms of S\ o,re provable in S\E. 

Proof. First, we consider the equality axiom a = b — > f(a) = f(b). The *-translation of this 
is Ea,Eb,a = b — > /(a) = f(b). By Proposition 14.31 S\E proves Ea — > Ef(a). Therefore, 
we can derive it from Axiom (|2.14p . 

The proofs for the other equality axioms are straightforward. □ 

Next we prove that the *-translations of the BASIC axioms of S\ are provable in S\E. 

Proposition 4.6. Assume that A is a BASIC axiom. Then (— > A)* (the ^-translation of 
—> A) is derivable in S\E. 

Proof. The BASIC axioms can be derived from the auxiliary axioms by Corollary 14.41 and 
propositional inferences. For example, we consider the BASIC axiom \a\ = \b\ D aj^c = 
b#c. We have the corresponding auxiliary axiom \a\ = \b\, Ea#c, Eb#c — > aj^c = bj^c. 
By Corollary 14.41 we have Ea, Ec —¥ Eaj^c and Eb, Ec —> Eb#c. Therefore, we have 
\a\ = \b\, Ea, Eb, Ec — > aj^c = 6#c by Cut and Contraction. By propositional inference, 
Ea, Eb, Ec, E\a\, E\b\ ->• \a\ ^ \b\ V a#c = 6#c. Again, by Corollary 14.41 and Cut, we have 
Ea, Eb, Ec — > \a\ ^ \b\ V aj^c = bj^c, which is the *-translation of — > \a\ = \b\ D ajfc = bj^c. 

□ 
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4.4. Bootstrapping Phase III :*-translations of predicate logic are admissible 

in S\E. In Bootstrapping Phase III, we prove that the ^-translations of the inferences of 
predicate logic are admissible in S 2 E. 

Definition 4.7. The inference 

rnAj ■ ■ ■ r w -» a w 
r a 

is admissible in S 2 E if T — > A is provable in S 2 E whenever Ti 
provable in S\E. 

Proposition 4.8. // 

iWAi • • • r n -» A n 
r a 

is an inference of predicate logic, then the inference 

(rwAQ* ••• (r ra ^A n )* 
(r ->■ A)* 

is admissible in S 2 E. 

We prove the proposition by considering the various rules of inference of S 2 . We begin 
by providing detailed proofs for the L -i-rule and the R -i-rule, in Lemma 14.91 and Lemma 
14.101 respectively. Then we proceed to proofs for the D-rules and the quantifier rules. The 
proofs for the other rules are trivial. 

Lemma 4.9. 

Ea,T* -> A*,A* 
Ea, (->A)*,r* ->■ A* (4.27) 
is admissible in S 2 E, where a are the variables that occur free in the sequent T A, A. 

Proof. By induction on A. 

If A is atomic, the inference given in the statement of the Lemma is an instance of the 
L-i-rule of S 2 E. In the induction step, we assume that Ea,T* — > A*, A* holds and show 
that Ea, (—>A)*,T* — > A* holds. The proof depends on the form of A. 

A = —lAi: By Identity and Weakening, we have Eb, (At)* —> (At)*, where b are the vari- 
ables that occur free in At- By the induction hypothesis applied to Ai, we can prove 
Eb, (At)*, (->A 1 )* -> in S\E. By assumption, Ea,T* ->■ A*,(->At)* is derivable. Thus 
Ea, (At)*, T* — > A* is derivable by Cut and Contraction. By the definition of *, we are 
done. (Note that, by De Morgan duality, (^At)* = (At)*-) 

A = At A A 2 : Since (At A A 2 )* ^ (At)* and (At A A 2 )* -> (A 2 )* are derivable in S\E by 
purely propositional reasoning, Ea,T* — > A*, (At)* and Ea,T* —¥ A*, (A 2 )* are derivable 
from the assumption that Ea, T* — > A, (At)* A (A 2 )* is provable. By the induction hypoth- 
esis applied to A\ and A 2 , Ea, (~^A{)* , T* — > A* and Ea,(-^A 2 )* ,T* — > A* are derivable. 
Thus by the L V-rule of S\E, we can derive Ea, (-'At)* V (^A 2 )* ,T* ->• A*. By the definition 
of *, we are done. 



A 



1) • • • j J- n 



(4.24) 
A n are 



(4.25) 
(4.26) 
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A = AiV A 2 : Since (A\)* V (A 2 )* ->■ {Ai)*, (A 2 )* is derivable by purely prepositional rea- 
soning in S\E, we have Ea,T* — > A*, (Ai)*, (A 2 )* from the assumption that Ea,T* — » 
A*, (Ai)* V {A 2 )*. Then Ea, (-^Ai)*,T* -> A*, (A 2 )*, by the induction hypothesis applied 
to Ai. Again applying the induction hypothesis, this time to A 2 , we obtain a sequent 
£a,^(Ai)*,^(A 2 )*,r* -> A*. By the LA r and L A 2 -rules of together with Contrac- 
tion, we have Ea, — i(vli)* A ^(A 2 )*,T* — > A*. By the definition of *, we are done. 

A = A\ D A 2 : Since (->Ai)* V (A 2 )* -> (pAx)*, {A 2 )* is derivable by purely prepositional 
reasoning in S 2 E, we have Ea, T* — > A*, (-Ai)*, (A 2 )* from the assumption that Ea, T* — > 
A*, (-1A1)* V {A 2 )* . Applying the induction hypothesis twice in succession (once to ->Ai and 
once to A 2 ), we have Ea, (A{)*, (^A 2 )* ,T* -> A* (since (-.-. Ai)* = {A x )*). By the L Al- 
and L A 2 -rules of S l 2 E, together with Contraction, we have Ea, (A\)* A (pA 2 )* ,T* — > A*. 
By definition of *, we are done. 

A = Vx < i.-Ai(x): Let a be a variable that occurs in neither A nor T — >■ A. By Identity, we 
have A\{a)* — ► Ai(a)*. Thus Eb,Ea,a = a, A±(a)* — > A\(a)* holds by Weakening, where 6 
are the variables other than a that occur free in A\(a). Since a occurs free in a = a, A\{a)* , 
we can apply the induction hypothesis to Eb,Ea,a = o, A\(a)* — > A\{a)*, hence we have 
Eb,Ea,a = a,Ai(a)*, {pA\{a))* -h 

Using Ea -> a = a (Axiom (|2.10j> ). we can derive Eb,Ea,Ai(a)* , (-Ai(a))* ->• by Cut 
and Contraction. By the LbV-rule of S\E, we obtain 

Eb,Ea,a< i,Vx < t.Ai(z)*, (-.Ai(a))* -> . (4.28) 

Using a < t —> Ea (a substitution instance of Axiom (|2.8]) ). we obtain Eb,a < t, Vx < 
t.Ai(x)*, (-iAi(a))* — > by Cut and Contraction. Using the Lb3-rule of S\E, we obtain 
Eb,\/x < t.Ax(x)*,3x < -h By assumption, £a,T* -> A*,Vx < i.Ai(x)* holds, 

so by Cut and Contraction we have Ea, 3x < t.(—iAi(x))*,T* — > A*. By the definition of *, 
we are done. 

A = Vx.Ai(x): The proof is similar to the proof of the previous case, the main differences 
being that we use Ea instead of a < t and we apply the unbounded counterparts of the 
bounded-quantifier rules of S\E employed in that proof. 

A = 3x < t.Ai(x): Let a be a variable that occurs in neither A nor r — > A. As shown in 
the proof of the case where A = Vx < t.A\(x), we can derive Eb,Ea, A\{a)* , (pA\(a))* — >, 
where b are the variables other than a that occur free in A\{a). By the LbV-rule of S 2 E, 
we obtain Eb,Ea,a < t, (Ai(a))* ,Vx < t.{—*A\(x))* —¥. Using a < t — >• Ea (a substitution 
instance of Axiom (12. 8p ). we obtain Eb,a < t, (Ai(a))* , Vx < t.(-<A\{x))* — > by Cut and 
Contraction. Using the Lb 3-rule of S 2 E, we obtain Eb, 3x < t.A\(x)* ,Vx < t.(—>Ax(x))* — >. 
By assumption, Ea,T* — > A*,3x < t.A\{x)* holds, so by Cut and Contraction we have 
Ea,Vx < t.(—>Ai(x))*,T* — > A*. By the definition of *, we are done. 

A = 3x.Ai(x): The proof is similar to the proof of the previous case, the main differences 
being that we use Ea instead of a < t and we apply the unbounded counterparts of the 
bounded-quantifier rules of S\E used in that proof. 

This completes the proof for the L -i-rule. □ 
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Lemma 4.10. 

Ea,A*,T* -» A* 
Ea,T* A*, (-.A)* (4.29) 
is admissible in S 2 E, where a are the variables that occur free in the sequent A, T — > A. 

Proof. By induction on A. 

If A is atomic (A = p{tx,t 2 ), where p is = or <), the inference given in the statement 
of the Lemma follows from the R-i-rule of S 2 E, together with 22a — > Et\ and 22a — > Et 2 , 
where the latter are derivable by Corollary 14.41 In the induction step, we assume that 
Ea, A*,T* — ► A* holds and show that Ea, T* -> A*,{->A)* holds. The proof depends on 
the form of A. 

A = —iAi: By Identity and Weakening, we obtain Eb, (Ax)* — > (Ax)*, where b are the 
variables that occur free in A±. By the induction hypothesis applied to Ax, we have Eb — >■ 
(->Ax)*, (Ax)*. By assumption, Ea, {-iAi)*,T* ->■ A* is derivable, so by Cut and Contraction 
we have Ea, T* — > A*, (Ax)*- By the definition of *, we are done (note that, by De Morgan 
duality, i^Ax)* = {Ax)*). 

A = Ax A A 2 : Since (Ax)*, (A 2 )* {Ax)* A {A 2 )* is derivable, together with the assump- 
tion that Ea,{Ax)* A (A 2 )*,T* -> A* we obtain Ea, {Ax)*, (A 2 )*,T* -> A*. By the in- 
duction hypothesis applied twice in succession (once to Ax and once to A 2 ), we have 
Ea,T* -> A*,(pA 1 )*,(->A 2 )*. By the RVi- and RV 2 -rules of S l 2 E, together with Con- 
traction, Ea,T* — > A*, {—>Ax)* V (—1A2)* is derivable. By the definition of *, we are done. 

A = Ax V A 2 : Since {Ax)* -> {Ax)* V {A 2 )* and {A 2 )* -t {Ax)* V {A 2 )* are derivable, we 
have Ea,{Ax)*,T* -> A* and 22a, (A 2 )*,T* -> A* from the assumption that So, (Ai)* V 
(A 2 )*,T* — >■ A*. By the induction hypothesis applied to Ax and A 2 , we have 22a, T* — > 
A*,{^Ax)* and Ea,T* -> A*,(^A 2 )*. Thus we obtain 22a, T* -»• A*,(^4i)* A (-u4 2 )* by 
the RA-rule of S 2 E. By the definition of *, we are done. 

A = Ax D A 2 : Since (->Ax)* -> (->Al)* V (A 2 )* and (A 2 )* (^1)* V {A 2 )* , we obtain 
22a, {->Ax)*,T* -> A* and 22a, (A 2 )*, T* -> A* from the assumption that 22a, (-^1)* V 
(^4 2 )*,T* — > A*. By the induction hypothesis applied to ->Ai and A 2 , we have 22a, T* — »■ 
A*, {Ax)* (since (-.-. Ax)* = {Ax)*) and Ea,T* A*, (-.A 2 )*. By the RA-rule of S£22, we 
obtain 22a, T* — > A*, (^i)* A (—1A2)*. By the definition of *, we are done. 

A = Vx < t.Ax{x): Let a be a variable that occurs in neither A nor T — > A. By Identity, we 
have Ax {a)* — > Ax{a)* . Thus Eb,Ea,a = a,^4i(a)* — > Ax{a)* holds by Weakening, where 
b are the variables other than a that occur free in Ax {a). By the induction hypothesis 
applied to Ax (a), we have Eb,Ea,a = a — > Ax{a)* , (^Ax(a))* . Using 22a — >• a = a (Axiom 
(|2.10p ). we obtain Eb,Ea ->■ Ax{a)* , (->Ax(a))* by Cut and Contraction. By the Rb3-rule 
of S\E, we obtain Eb,Ea,a < t — > Ax(a)*,3x < t.(^Ax(x))*. Using a < t — > Ea (a 
substitution instance of Axiom (|2.8p ). we obtain 226, a < t — > Ax(a)*,3x < t.(->Ax(x))* by 
Cut and Contraction. Using the Rb V-rule of S l 2 E, we obtain Eb, Et — > Vx < t.Ax{x)* , 3x < 
t.(—>Ax{x))* . By assumption, Ea, Vx < t.{Ax{x))* ,T* — > A* holds where a are free variables 
occuring in Vx < t.{Ax{x)),T — >■ A. By Cut and Contraction we have 22a, Et, T* — > A*, 3x < 
t.{^Ax{x))*. Using 22a ^ Et (Corollary S3J, we obtain 22a,T* -> A*,3x < t.(^Ax(x))* by 
Cut and Contraction. By the definition of *, we are done. 
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A = \/x.A\(x): The proof is similar to the proof of the previous case, the main differences 
being that we use Ea instead of a < t and we apply the unbounded counterparts of the 
bounded-quantifier rules of S\E used in that proof. 

A = 3x < t.A\[x): Let a be a variable that occurs in neither A nor r — > A. As shown in the 
proof of the case where A = Vx < t.A\(x), we can derive Eb, Ea — > A\(a)*, (—>Ai(a))* , where 
b are the variables other than a that occur free in A\(a). By the Rb 3-rule of S\E, we obtain 
Eb,Ea,a < t — > 3x < t.Ai(x)*, (-u4i(a))*. Using a < t — > Ea (a substitution instance of 
Axiom (|2.8p ). we obtain Eb,a < t — > 3x < t.A\(x)* ,{pA\{a))* by Cut and Contraction. 
Using the RbV-rule of S* 2 E, we obtain Eb,Et -> 3x < t.Ai(x)*,\/x < t.(-^A 1 (x))*. By 
assumption, Ea,3x < t.(Ai(x))* , T* — > A* holds, so by Cut and Contraction we have 
Ea, Et, T* A*, Vx < t.(-^Ai(x))* . Using Ea Et (Corollary H3D, we obtain Ea,F* 
A*,Vx < t.(^Ai(x))* by Cut and Contraction. By the definition of *, we are done. 

A = 3x.Ai(x): The proof is similar to the proof of the previous case, the main differences 
being that we use Ea instead of a < t and we apply the unbounded counterparts of the 
bounded-quantifier rules used in that proof. 

This completes the proof for the R -i-rule. □ 

Proof of Proposition \4-8\ We prove that the ^-translation of every inference of predicate 
logic is admissible in S^E. We consider only the rules of inference for negation, implication, 
and quantification. The others are obvious. 

L-i-rule: This rule is treated in Lemma 14.91 

R-i-rule: This rule is treated in Lemma 14.101 

L D-rule: 

Ea, T* ->• A*, A\ Ea, A* 2 ,Y* -> A* 

Ea, \/ A*,T* ->■ A* (4.30) 

The admissibility of this inference follows from Lemma 14.91 and the LV-rule of S 2 E. 

R D-rule: 

Ea, (4i)*,r* -> A*,{A 2 )* 
Ea,F* -> A*,(-.^i)* V (A 2 )* (4.31) 
The admissibility of this inference follows from Lemma 14.101 and the RVi- and RVVrules 
of S\E, together with Contraction. 

Lb V-rule: 

Ea,A(t)*,T* -> A* 

3 

Ea,Eb,t< s,\/x < s.A(x)*,T* -> A* (4.32) 
where the variable x does not occur in the term s, a are the variables that occur free in the 
sequent A(t),T — > A, and b are the variables that occur in s but are not in a. Without loss 
of generality, we can assume that x does not occur in t. Therefore, a, b are precisely the 
variables that occur free in t < s,\/x < s.A(x),T — > A. 

From the premise, we can derive Ea,Eb,t < s, Vx < s.A(x)* ,T* — > A* by the Lb V-rule 
of S\E and Weakening. 
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L V-rule: 

Ea',A(t)*,T* -> A* 
Ea,Vx.A(x)*,T* -)■ A* ' (4.33) 

where o' are the variables that occur free in the sequent A(t),T — > A and a are the variables 
that occur free in the sequent \/x.A(x),T — > A. 

Clearly, every variable that occurs free in \/x.A(x),T — > A also occurs free in A(t), T — > 
A. If there is at least one variable in a' which is not in a, then for each such variable b, 
we substitute for b in both Eb and t. After repeated application of Cut with the axiom 
— > EO, we obtain Ea, A(t')*, T* — >• A*, where t' is obtained by substituting in t for every 
variable in a' which is not in a. 

By the L V-rule of S\E, we have Ea, Et' ,\/x.A(x)* ,T* -> A*. By Corollary H3J we have 
Ea — > Et'. Hence, we obtain Ea, \/x.A(x)*, T* — > A* by Cut and Contraction. 

Rb V-rule: 

Ea, Ea, a<t,F* ->• A*,A(a)* 
Ea, T* A*,Vx < t.A(x)* ' (4.34) 

where neither the variable a nor the variable x occurs in the term t; a does not occur free 
in r — >• A; and a are the variables other than a that occur free in the sequent a < t, T — > 
A, A(a). Clearly a are precisely the variables that occur free in the sequent V -4 A,Vx < 
t.A(x). 

Using a < t — > Ea (a substitution instance of Axiom (|2.8p ). we can eliminate the Ea in 
the antecedent of the premise by Cut and Contraction. Therefore, we have Ea, a < t,T* — > 
A*,A(a)*. Using the Rb V-rule of S l 2 E, we can derive Ea, Et, T* ->• A*,Vx < t.A(x)*. 
However, since Et is derivable from Ea, we obtain Ea,T* — > A*,Vx < t.A(x)*. 

R V-rule: 

Ea{,Ea},T* -4 A*,^(a)* 
Ea,T* ->• A*,Vx.^l(x)* ' (4.35) 
where the variable a does not occur free in T — > A, and a are the variables other than a 
that occur free in the sequent r — > A, A(a). Clearly, a are precisely the variables that occur 
free in the sequent T — >• A,Vx.^4(x). Here, the formula Ea is enclosed in braces to indicate 
that it is not included in the premise of the *-translation of the R V-rule unless the variable 
a occurs free in A(a). Otherwise, Ea can be added to the premise by Weakening. In either 
case, we can derive Ea,Ea,T* — > A* ,\/x.A(x)* by the R V-rule of S l 2 E. 

3-rules: The proofs of admissibility of the *-translations of the 3-rules are analogous to the 
proofs of admissibility of the *-translations of the V-rules. □ 

4.5. Bootstrapping Phase IV : ^-translation of X^- PIND rule is admissible in S\E. 
Finally, we prove admissibility of the *-translation of the S^- PIND rule of S\ . 

First, we prove that our formulation of PIND, which uses the binary successor functions, 
proves Buss' formulation of PIND [5], which uses L^/^J- 

Lemma 4.11. Assume that V, Ea, A([^a\) — > A(a), A is provable in S\E, where the vari- 
able a does not occur free in V — > A and A(a) is a formula. Then T, Ea, A(0) —> A(t), A 
is also provable in S\E, where a are the variables that occur in the term t. 
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Proof. Note that |_2 s o«J = |_2 s i a J = a if E Q holds. Therefore, substituting soa and s\a 
for a in T, Ea, A([^a]) — > A(a),A and applying Cut with Ea — > Esqo, and Ea — > Es±a, 
we obtain T,Ea,A(a) — > A(soa), A and T,Ea, A(a) — > A(sia), A, respectively. Combining 
T,A(0) A(0), A and the S^-PIND-^ rule, we have T,Et,A(0) A(t),A. Since Et is 
derivable from £a (Corollary 14. 4j) . we have T, Ea, A(0) — > A(t),A. □ 

Proposition 4.12. The *-translation of the PIND rule of S 2 , that is, the inference 

Ea{,Ea},T*,A([a/2\)* A(a)*,A* 

Ea{,Eb},T*,A(0)* -+A(t)*,A* (4.36) 

is admissible in S 2 E, where the variable a does not occur free in Y — > A, A(a) is a £^ 
formula, a are the variables other than a that occur free in T,A(\_a/2\) — > A(a),A, and b 
are the variables that occur in t but are not in a. 

The formula E a (in the antecedent of Ea{,Ea},T* ,A(\_a/2\)* — > A(a)*,A*) is enclosed 
in braces, as is Eb (in the antecedent of Ea{, Eb} ,T* , A(0)* — > A(t)*,A*), to indicate that 
Ea and Eb are not included in those antecedents unless the variable a occurs free in A(a). 

Proof. If a does not occur free in A{a), then the premise and the conclusion of (|4.36p are 
identical hence (|4.36p is admissible. 

If a occurs free in A{a), then since A(a)* is a T, 1 - formula, we can apply Lemma 14.111 to 
obtain Ea, Eb,T* , A(0)* ->A(t)*,A*. □ 

Finally, we have the tools to prove Theorem 14.21 which was the main objective of this 
section. 

Proof of Theorem \4-%\ By Propositions 14.51 and 14. 6| the ^-translations of the axioms of S 2 
are provable in S 2 E. Furthermore, Propositions 14.8 1 and 14. 121 guarantee admissibility of the 
*-translations of the inferences of S 2 . Therefore, the *-translation of any sequent r — >■ A 
which is provable in S 2 is provable in S 2 E. 

In addition, the proofs of these propositions show that if a proof of an S 2 sequent r — > A 
contains only and LT* formulae of S 2 , then there is a proof of (r — > A)* that contains 
only T,\ and Ii\ formulae of S l 2 E. □ 



5. FlNITISTIC GODEL SENTENCES OF S 2 E 

In this section, we investigate finitistic Godel sentences of S 2 1 E. Throughout this section, 
i denotes a positive integer, and denotes the Godel number of the formula obtained 

from A{x\) by substituting for the variable x\ the numeral representation of the natural 
number x. The purpose of underscoring the x in |\A(a;)] is to indicate that the entity which 
is substituted is the numeral representation of the natural number x (in the meta-language) , 
and not the variable x (in the object language). 

Now, let us motivate our investigation. The most interesting question concerning S 2 1 E 
is whether S 2 proves i-Con or not. If the answer is negative, we have S 2 ^ S l 2 +2 , hence we 
can conclude that the hierarchy S 2 , S 2 , S 2 , . . . does not collapse. 

Buss and Ignjatovic [6] used a finitistic Godel sentence, together with Solovay's induc- 
tion speed-up method, to show that S 2 does not prove the consistency of proofs that are 
comprised entirely of and II 1 - formulae and use only BASIC axioms and the rules of 
inference of predicate logic. Since their notion of proofs and i-normal proofs have a certain 
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similarity, it looks as though it would be worthwhile to emulate their method to prove 
S\ \f i-Con. Unfortunately, the induction speed-up method in the form in which Buss 
and Ignjatovic used it does not work for S^E. However, it would still be interesting to 
investigate these Godel sentences. 

First, let us see why the induction speed-up method does not work. Buss and Ignjatovic 
employed two approaches to the induction speed-up method. In their first approach, they 
bounded (provably in Sg) the size of an S^ 1 proof of a formula 4>(x) by (x#(x#x)) m + n, 
where m and n depend on the size of an S% proof of \/x.(j){x). In their other approach, 
which they applied to PV and PV~ (the induction- free fragment of PV), they presented a 
polynomial-time computable function which converts a PV proof of a sequent r — > A with 
numerically restricted variables (see p. 241 of [6]) to a PV~ proof of that sequent. We will 
use Proposition 13.201 to show that neither of these approaches works for S 2 E. 

Consider the first approach. If it does work for S 2 E, then for every i-normal formula 
<f>(x) that satisfies S\E h Mx.(j){x), there are natural numbers m,n and k that satisfy the 
condition 

Si h \/x3w < t k (x) m + n.i-Prf(w, \<t>(x)}), (5.1) 

k 

where tk(x) = x#...#x. Let I > k, and derive a contradiction by considering strictly 
i-normal proofs of i;(a) = ti(a). By ()5.ip . for every natural number d there exists a strictly 
1-normal (hence a strictly i-normal) proof w{d) of the formula ti{d) = t\(d) such that 
w(d) < t k (d) m + n. By Proposition E2Q1 Ti(w(d), \U(d) = U(d)],p) holds, where p is 
the empty environment. By Lemma 13.111 w(d) > U(d). However, ti(d) > tk{d) m + n for 
sufficiently large d. This contradicts (|5.ip . 

Now, consider the second approach. Assume that it does work for S 2 E, that is, that 
there is a polynomial-time computable function / which converts S 2 E proofs of numerically 
restricted sequents to strictly 1-normal proofs of those sequents. Let tk(x) as in (|5.ip . and 
consider the sequent — > Etk(d) where d is a numeral. Then S\E h— > Etk(d), by Proposition 
14.31 and the fact that S\E h Ed. The proof of Etk(d) can be taken to be of size 0(\d\ ■ 2 k ). 
Obviously, — > Etk(d) is a sequent with numerically restricted variables (since it has no 
variable). Since induction speed-up works, / computes a strictly 1-normal (hence a strictly 
i-normal) proof w(d,k) of — > Etk(d) in polynomial time. Hence the size of w(d,k) is less 
than 0{\d\ c ■ 2 k ' c ). By Proposition E20] T(w(d, k), \Et k (d)],p) holds, where p is the empty 
environment. By Lemma 13.111 w(d,k) > p(t(d)). Therefore, the size of w(d,k) is greater 
than 0{\d\ k ). However, for enough large k and d, 0{\d\ c ■ 2 fc ' c ) < 0{\d\ k ). Contradiction. 

Next, we investigate a countably infinite set of Godel sentences \/x.(fk{x) and the terms 
k 

, * V 

tk(x) = x#(x#(- • • (x#x))). We show that i-Con is equivalent to \/x.ipk{x) for every k > 2. 
Therefore, we could show that S\ l/i-Con by showing that S\ \/Vx.(pk(x) for some k > 2. 
For k > 1, let ipk be a formula which satisfies 

S\ h Vx[^(x) o -iBw < t k (x).i-PTi(w, \<p k (x)})]- (5-2) 

We would like to prove that the Godel sentence Vx.cpk(x) is undecidable. We can easily 
see that 5^ \f -Nx.tf>).{x). For suppose that S\ I — Nx.(fk{x) then Vx.^fc(x) is false by sound- 
ness of S\, so there exists d such that (fk(d) is false. By (|5.2[) . 3w < tk(d).i-Pxi(w, \ipk(d)~\) 
is true. Hence ipk(d) has a strictly i-normal proof. In particular, S\ \~ <-Pk{d). Since (fk(d) is 
false, this contradicts the soundness of S l 2 E. 
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On the other hand, it looks as though it would be difficult to prove that S\ \/^x.^pk{x). 
The crux of the problem is that even if S\ h Vx.(fk(x), there is no (known) bound on the 
length of a strictly i-normal proof w(d) of <pk(d). We know that w(d) is not bounded by 
tk(d), because by (|5.2|) that would contradict the consistency of 5|. However, perhaps w(d) 
is bounded by ti(d) for some I > k. 

Finally, we prove that S\ \~ i-Con o \/x.ipk(x) for k > 2. The proof of S\ \~ «-Con — > 
Vx.(/?fc(x) uses a method similar to that used in the proof of Theorem 4 on p. 135 of [5]. The 
proof of S\ ^ 2 -Con <— \/x.(fk(x) is a consequence of the trivial fact that a contradiction 
proves anything. 

First, consider S\ h z-Con — )■ Vx.(fk(x). By (|5.2p . we have 6*2 I - -^fc(x) — > Bio < 
tk(x) .i -Pii(w , \ipk(x)1). On the other hand, using a method similar to that used for the 
proof of Theorem 4 on p. 135 of [5], we can prove that for every T,\ formula ip(x), there 
is a term u(x) such that S\ h ^(a;) — > 3w < u(x).0-Prf(u), \i^{x)~\). Since -npk(x) is a 
formula, there is a term such that I - -■^(x) — > 3w < f (x).O-Prf(w, [""^(sc)]). 
Therefore, 5| I — ^^fc(x) — > 3w.i-Prf(w, [—>•]). 

Now consider S2 l~ Vx.(pk(x) i-Con, and assume that i-Prf(u;, [—>•]). Then by 
Weakening there exists w'(x) = 0(x) such that i-Pvf(w'(x), \*Pk(x)~\)- Therefore, w'(x) < 
tk(x) for sufficiently large x if k > 2. (Note that for A; = 1, we have tfc(x) = x, so this 
inequality does not hold.) Hence 3w' < t/ c (x).i-Prf(u; / , |"y?fc(x)]) for sufficiently large x, in 
which case S l 2 I — «fk(%) by (|5.2p . From this it follows that S 2 \~ 3x.-'(fk(x). 
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